7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
41.3%
Openwall oss-security reports:
We have discovered a critical arbitrary file write vulnerability
in the rsync utility that allows malicious remote servers to write
arbitrary files inside the directories of connecting peers.
The server chooses which files/directories are sent to the client.
Due to the insufficient controls inside the do_server_recv function
a malicious rysnc server (or Man-in-The-Middle attacker) can
overwrite arbitrary files in the rsync client target directory and
subdirectories.
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
0.001 Low
EPSS
Percentile
41.3%