CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-12086: Rsync: rsync server leaks arbitrary client files

Description

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

Classification

CVE ID: CVE-2024-12086

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 6

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.78% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://access.redhat.com/security/cve/CVE-2024-12086
https://bugzilla.redhat.com/show_bug.cgi?id=2330577
https://kb.cert.org/vuls/id/952657

Timeline

2025-01-15 00:30:14 UTC
CVE

Rsync: rsync server leaks arbitrary client files