Metrics
Affected Vendors & Products
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Sat, 16 Nov 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Fri, 15 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 15 Nov 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | |
Title | Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata | |
Weaknesses | CWE-281 CWE-59 CWE-61 |
|
References |
| |
Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-11-15T17:15:43.357Z
Updated: 2024-11-21T14:56:00.193Z
Reserved: 2024-11-11T18:49:23.559Z
Link: CVE-2024-52522
Updated: 2024-11-15T18:25:52.467Z
Status : Awaiting Analysis
Published: 2024-11-15T18:15:30.643
Modified: 2024-11-21T15:15:33.637
Link: CVE-2024-52522