Vulnerability DatabaseCVE-2024-12086
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-12086
January 14, 2025
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Related Resources (7)
https://security.netapp.com/advisory/ntap-20250131-0002/
https://www.kb.cert.org/vuls/id/952657
https://bugzilla.redhat.com/show_bug.cgi?id=2330577
https://access.redhat.com/security/cve/CVE-2024-12086
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://kb.cert.org/vuls/id/952657
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Detection of Error Condition Without Action
CWE-390
EPSS
Base Score:
0.47