Vulnerability Details : CVE-2024-12088

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
Published 2025-01-14 17:38:35
Updated 2025-03-11 04:15:24
Source Red Hat, Inc.
View at NVD,   CVE.org
Vulnerability category: Directory traversal

Products affected by CVE-2024-12088

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2024-12088

EPSS FAQ
0.08%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-12088

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.5
 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
N/A
N/A
 Red Hat, Inc. 2025-01-14
6.5
 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2.8
3.6
 Red Hat, Inc. 2025-01-14

CWE ids for CVE-2024-12088

  • The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
    Assigned by:
    • 53f830b8-0a3f-465b-8143-3b8a9948e749 (Primary)
    • secalert@redhat.com (Secondary)

References for CVE-2024-12088

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close