CVE-2024-12087
Rsync: path traversal vulnerability in rsync
CVSS Score
6.5
EPSS Score
3.2%
EPSS Percentile
87th
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
| CWE | CWE-22 |
| Published | Jan 14, 2025 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for
Be the first to know when new medium vulnerabilities are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Affected Versions
Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION
All versions affected Red Hat / Red Hat Enterprise Linux 7 Extended Lifecycle Support
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Telecommunications Update Service
All versions affected Red Hat / Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
All versions affected Red Hat / Red Hat Enterprise Linux 9.4 Extended Update Support
All versions affected Red Hat / Red Hat Discovery 1.14
All versions affected Red Hat / Red Hat OpenShift Container Platform 4
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHBA-2025:6470 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23154 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23235 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23407 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23415 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23416 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23842 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23853 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23854 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23858 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:2600 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:7050 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:8385 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-12087 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2330672 kb.cert.org: https://kb.cert.org/vuls/id/952657 github.com: https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj security.netapp.com: https://security.netapp.com/advisory/ntap-20250131-0002/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html kb.cert.org: https://www.kb.cert.org/vuls/id/952657
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.