rsync is vulnerable to improper validation of certificate. It does not verify the hostname in the server certificate in openssl mode, so a man-in-the-middle attacker with a valid certificate for another hostname could intercept connections.
CPE | Name | Operator | Version |
---|---|---|---|
rsync:sid | eq | 3.2.3-2 | |
rsync:bullseye | eq | 3.2.3-2 | |
rsync:edge | eq | 3.2.3-r2 | |
rsync:edge | eq | 3.2.3-r4 | |
rsync:edge | eq | 3.1.3-r3 | |
rsync:edge | eq | 3.2.3-r3 | |
rsync:edge | eq | 3.2.3-r1 | |
rsync:edge | eq | 3.2.3-r5 |