CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.8%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2024-12087

Samba » Rsync » Version: 1.6.4

cpe:2.3:a:samba:rsync:1.6.4
Samba » Rsync » Version: 1.6.5

cpe:2.3:a:samba:rsync:1.6.5
Samba » Rsync » Version: 1.6.6

cpe:2.3:a:samba:rsync:1.6.6
Samba » Rsync » Version: 1.6.7

cpe:2.3:a:samba:rsync:1.6.7
Samba » Rsync » Version: 1.6.8

cpe:2.3:a:samba:rsync:1.6.8
Samba » Rsync » Version: 1.6.9

cpe:2.3:a:samba:rsync:1.6.9
Samba » Rsync » Version: 1.7.0

cpe:2.3:a:samba:rsync:1.7.0
Samba » Rsync » Version: 1.7.1

cpe:2.3:a:samba:rsync:1.7.1
Samba » Rsync » Version: 1.7.2

cpe:2.3:a:samba:rsync:1.7.2
Samba » Rsync » Version: 1.7.3

cpe:2.3:a:samba:rsync:1.7.3
Samba » Rsync » Version: 1.7.4

cpe:2.3:a:samba:rsync:1.7.4
Samba » Rsync » Version: 2.0.0

cpe:2.3:a:samba:rsync:2.0.0
Samba » Rsync » Version: 2.0.1

cpe:2.3:a:samba:rsync:2.0.1
Samba » Rsync » Version: 2.0.10

cpe:2.3:a:samba:rsync:2.0.10
Samba » Rsync » Version: 2.0.11

cpe:2.3:a:samba:rsync:2.0.11
Samba » Rsync » Version: 2.0.12

cpe:2.3:a:samba:rsync:2.0.12
Samba » Rsync » Version: 2.0.13

cpe:2.3:a:samba:rsync:2.0.13
Samba » Rsync » Version: 2.0.14

cpe:2.3:a:samba:rsync:2.0.14
Samba » Rsync » Version: 2.0.15

cpe:2.3:a:samba:rsync:2.0.15
Samba » Rsync » Version: 2.0.16

cpe:2.3:a:samba:rsync:2.0.16
Samba » Rsync » Version: 2.0.17

cpe:2.3:a:samba:rsync:2.0.17
Samba » Rsync » Version: 2.0.18

cpe:2.3:a:samba:rsync:2.0.18
Samba » Rsync » Version: 2.0.19

cpe:2.3:a:samba:rsync:2.0.19
Samba » Rsync » Version: 2.0.2

cpe:2.3:a:samba:rsync:2.0.2
Samba » Rsync » Version: 2.0.3

cpe:2.3:a:samba:rsync:2.0.3
Samba » Rsync » Version: 2.0.4

cpe:2.3:a:samba:rsync:2.0.4
Samba » Rsync » Version: 2.0.5

cpe:2.3:a:samba:rsync:2.0.5
Samba » Rsync » Version: 2.0.6

cpe:2.3:a:samba:rsync:2.0.6
Samba » Rsync » Version: 2.0.7

cpe:2.3:a:samba:rsync:2.0.7
Samba » Rsync » Version: 2.0.8

cpe:2.3:a:samba:rsync:2.0.8
Samba » Rsync » Version: 2.0.9

cpe:2.3:a:samba:rsync:2.0.9
Samba » Rsync » Version: 2.1.0

cpe:2.3:a:samba:rsync:2.1.0
Samba » Rsync » Version: 2.1.1

cpe:2.3:a:samba:rsync:2.1.1
Samba » Rsync » Version: 2.2.0

cpe:2.3:a:samba:rsync:2.2.0
Samba » Rsync » Version: 2.2.1

cpe:2.3:a:samba:rsync:2.2.1
Samba » Rsync » Version: 2.3.0

cpe:2.3:a:samba:rsync:2.3.0
Samba » Rsync » Version: 2.3.1

cpe:2.3:a:samba:rsync:2.3.1
Samba » Rsync » Version: 2.3.2

cpe:2.3:a:samba:rsync:2.3.2
Samba » Rsync » Version: 2.3.3

cpe:2.3:a:samba:rsync:2.3.3
Samba » Rsync » Version: 2.4.0

cpe:2.3:a:samba:rsync:2.4.0
Samba » Rsync » Version: 2.4.1

cpe:2.3:a:samba:rsync:2.4.1
Samba » Rsync » Version: 2.4.2

cpe:2.3:a:samba:rsync:2.4.2
Samba » Rsync » Version: 2.4.3

cpe:2.3:a:samba:rsync:2.4.3
Samba » Rsync » Version: 2.4.4

cpe:2.3:a:samba:rsync:2.4.4
Samba » Rsync » Version: 2.4.5

cpe:2.3:a:samba:rsync:2.4.5
Samba » Rsync » Version: 2.4.6

cpe:2.3:a:samba:rsync:2.4.6
Samba » Rsync » Version: 2.4.7

cpe:2.3:a:samba:rsync:2.4.7
Samba » Rsync » Version: 2.4.8

cpe:2.3:a:samba:rsync:2.4.8
Samba » Rsync » Version: 2.5.0

cpe:2.3:a:samba:rsync:2.5.0
Samba » Rsync » Version: 2.5.1

cpe:2.3:a:samba:rsync:2.5.1
Samba » Rsync » Version: 2.5.2

cpe:2.3:a:samba:rsync:2.5.2
Samba » Rsync » Version: 2.5.3

cpe:2.3:a:samba:rsync:2.5.3
Samba » Rsync » Version: 2.5.4

cpe:2.3:a:samba:rsync:2.5.4
Samba » Rsync » Version: 2.5.5

cpe:2.3:a:samba:rsync:2.5.5
Samba » Rsync » Version: 2.5.6

cpe:2.3:a:samba:rsync:2.5.6
Samba » Rsync » Version: 2.5.7

cpe:2.3:a:samba:rsync:2.5.7
Samba » Rsync » Version: 2.6.0

cpe:2.3:a:samba:rsync:2.6.0
Samba » Rsync » Version: 2.6.1

cpe:2.3:a:samba:rsync:2.6.1
Samba » Rsync » Version: 2.6.2

cpe:2.3:a:samba:rsync:2.6.2
Samba » Rsync » Version: 2.6.3

cpe:2.3:a:samba:rsync:2.6.3
Samba » Rsync » Version: 2.6.4

cpe:2.3:a:samba:rsync:2.6.4
Samba » Rsync » Version: 2.6.5

cpe:2.3:a:samba:rsync:2.6.5
Samba » Rsync » Version: 2.6.6

cpe:2.3:a:samba:rsync:2.6.6
Samba » Rsync » Version: 2.6.7

cpe:2.3:a:samba:rsync:2.6.7
Samba » Rsync » Version: 2.6.8

cpe:2.3:a:samba:rsync:2.6.8
Samba » Rsync » Version: 2.6.9

cpe:2.3:a:samba:rsync:2.6.9
Samba » Rsync » Version: 3.0.0

cpe:2.3:a:samba:rsync:3.0.0
Samba » Rsync » Version: 3.0.1

cpe:2.3:a:samba:rsync:3.0.1
Samba » Rsync » Version: 3.0.2

cpe:2.3:a:samba:rsync:3.0.2
Samba » Rsync » Version: 3.0.3

cpe:2.3:a:samba:rsync:3.0.3
Samba » Rsync » Version: 3.0.4

cpe:2.3:a:samba:rsync:3.0.4
Samba » Rsync » Version: 3.0.5

cpe:2.3:a:samba:rsync:3.0.5
Samba » Rsync » Version: 3.0.6

cpe:2.3:a:samba:rsync:3.0.6
Samba » Rsync » Version: 3.0.7

cpe:2.3:a:samba:rsync:3.0.7
Samba » Rsync » Version: 3.0.8

cpe:2.3:a:samba:rsync:3.0.8
Samba » Rsync » Version: 3.0.9

cpe:2.3:a:samba:rsync:3.0.9
Samba » Rsync » Version: 3.1.0

cpe:2.3:a:samba:rsync:3.1.0
Samba » Rsync » Version: 3.1.1

cpe:2.3:a:samba:rsync:3.1.1
Samba » Rsync » Version: 3.1.2

cpe:2.3:a:samba:rsync:3.1.2
Samba » Rsync » Version: 3.1.3

cpe:2.3:a:samba:rsync:3.1.3
Samba » Rsync » Version: 3.2.0

cpe:2.3:a:samba:rsync:3.2.0
Samba » Rsync » Version: 3.2.1

cpe:2.3:a:samba:rsync:3.2.1
Samba » Rsync » Version: 3.2.2

cpe:2.3:a:samba:rsync:3.2.2
Samba » Rsync » Version: 3.2.3

cpe:2.3:a:samba:rsync:3.2.3
Samba » Rsync » Version: 3.2.4

cpe:2.3:a:samba:rsync:3.2.4
Almalinux » Almalinux » Version: 10.0

cpe:2.3:o:almalinux:almalinux:10.0
Almalinux » Almalinux » Version: 8.0

cpe:2.3:o:almalinux:almalinux:8.0
Almalinux » Almalinux » Version: 9.0

cpe:2.3:o:almalinux:almalinux:9.0
Archlinux » Arch Linux » Version: N/A

cpe:2.3:o:archlinux:arch_linux:-
Gentoo » Linux » Version: N/A

cpe:2.3:o:gentoo:linux:-
Nixos » Nixos » Version: N/A

cpe:2.3:o:nixos:nixos:-
Nixos » Nixos » Version: 13.10

cpe:2.3:o:nixos:nixos:13.10
Nixos » Nixos » Version: 14.04

cpe:2.3:o:nixos:nixos:14.04
Nixos » Nixos » Version: 14.12

cpe:2.3:o:nixos:nixos:14.12
Nixos » Nixos » Version: 15.09

cpe:2.3:o:nixos:nixos:15.09
Nixos » Nixos » Version: 16.03

cpe:2.3:o:nixos:nixos:16.03
Nixos » Nixos » Version: 16.09

cpe:2.3:o:nixos:nixos:16.09
Nixos » Nixos » Version: 17.03

cpe:2.3:o:nixos:nixos:17.03
Nixos » Nixos » Version: 17.09

cpe:2.3:o:nixos:nixos:17.09
Nixos » Nixos » Version: 18.03

cpe:2.3:o:nixos:nixos:18.03
Nixos » Nixos » Version: 18.09

cpe:2.3:o:nixos:nixos:18.09
Nixos » Nixos » Version: 19.03

cpe:2.3:o:nixos:nixos:19.03
Nixos » Nixos » Version: 19.09

cpe:2.3:o:nixos:nixos:19.09
Nixos » Nixos » Version: 20.03

cpe:2.3:o:nixos:nixos:20.03
Nixos » Nixos » Version: 20.09

cpe:2.3:o:nixos:nixos:20.09
Nixos » Nixos » Version: 21.05

cpe:2.3:o:nixos:nixos:21.05
Nixos » Nixos » Version: 21.11

cpe:2.3:o:nixos:nixos:21.11
Nixos » Nixos » Version: 22.05

cpe:2.3:o:nixos:nixos:22.05
Nixos » Nixos » Version: 22.11

cpe:2.3:o:nixos:nixos:22.11
Nixos » Nixos » Version: 23.05

cpe:2.3:o:nixos:nixos:23.05
Nixos » Nixos » Version: 23.11

cpe:2.3:o:nixos:nixos:23.11
Nixos » Nixos » Version: 24.05

cpe:2.3:o:nixos:nixos:24.05
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0
Redhat » Enterprise Linux Eus » Version: 9.6

cpe:2.3:o:redhat:enterprise_linux_eus:9.6
Redhat » Enterprise Linux For Arm 64 » Version: 8.0_aarch64

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64
Redhat » Enterprise Linux For Arm 64 » Version: 9.0_aarch64

cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64
Redhat » Enterprise Linux For Arm 64 Eus » Version: 9.6_aarch64

cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0_s390x

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x
Redhat » Enterprise Linux For Ibm Z Systems » Version: 9.0_s390x

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 9.6_s390x

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le
Redhat » Enterprise Linux For Power Little Endian » Version: 9.0_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 9.6_ppc64le

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le
Redhat » Enterprise Linux Server Aus » Version: 9.6

cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 9.6_ppc64le

cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le
Redhat » Enterprise Linux Update Services For Sap Solutions » Version: 9.6

cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6
Suse » Suse Linux » Version: N/A

cpe:2.3:o:suse:suse_linux:-
Tritondatacenter » Smartos » Version: Any

cpe:2.3:o:tritondatacenter:smartos:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12087

Products

Pricing

Contact Us