rsync is vulnerable to directory traversal. The vulnerability exists due to a lack of validation of file names allowed, allowing a malicious rsync server or Man-in-The-Middle attacker to overwrite arbitrary files in the rsync client target directory and subdirectories.

CPENameOperatorVersion
rsync:3.15eq3.2.3-r4
rsync:3.15eq3.2.3-r5
rsync:3.14eq3.2.3-r4
rsync:3.14eq3.2.3-r2
rsync:3.13eq3.2.3-r1
rsync:3.13eq3.2.3-r4
rsync:3.16eq3.2.4-r1
rsync:3.16eq3.2.4-r0
rsync:edgeeq3.1.3-r3
rsync:edgeeq3.2.4-r1

Name	Operator	Version
rsync:3.15	eq	3.2.3-r4
rsync:3.15	eq	3.2.3-r5
rsync:3.14	eq	3.2.3-r4
rsync:3.14	eq	3.2.3-r2
rsync:3.13	eq	3.2.3-r1
rsync:3.13	eq	3.2.3-r4
rsync:3.16	eq	3.2.4-r1
rsync:3.16	eq	3.2.4-r0
rsync:edge	eq	3.1.3-r3
rsync:edge	eq	3.2.4-r1

Rows per page:

1-10 of 681

References

www.openwall.com/lists/oss-security/2022/08/02/1

github.com/WayneD/rsync/tags

lists.fedoraproject.org/archives/list/[email protected]/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/

lists.fedoraproject.org/archives/list/[email protected]/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.13/main.yaml

secdb.alpinelinux.org/v3.14/main.yaml

secdb.alpinelinux.org/v3.15/main.yaml

secdb.alpinelinux.org/v3.16/main.yaml

nessus 53

cbl_mariner 2

redhatcve 1

nvd 1

redhat 36

freebsd 1

openvas 27

prion 1

amazon 1

broadcom 1

suse 3

photon 5

rocky 2

oraclelinux 3

debiancve 1

cloudfoundry 1

githubexploit 1

redos 1

slackware 1

ubuntucve 1

osv 5

almalinux 1

cloudlinux 2

cvelist 1

cve 1

mageia 1

centos 1

alpinelinux 1

ubuntu 1

ibm 10

rosalinux 1

fedora 2

attackerkb 1

gentoo 1

ics 1

nessus

Oracle Linux 7 : rsync (ELSA-2022-6170)

2022-08-25 00:00:00

FreeBSD : rsync -- client-side arbitrary file write vulnerability (21f43976-1887-11ed-9911-40b034429ecf)

2022-08-11 00:00:00

SUSE SLED15 / SLES15 Security Update : rsync (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

cbl_mariner

CVE-2022-29154 affecting package rsync 3.1.3-5

2022-12-27 17:55:43

CVE-2022-29154 affecting package rsync for versions less than 3.2.5-1

2022-08-31 06:17:56

redhatcve

CVE-2022-29154

2022-08-02 13:40:01

nvd

CVE-2022-29154

2022-08-02 15:15:08

redhat

(RHSA-2022:6180) Important: rsync security update

2022-08-24 17:04:49

(RHSA-2022:6170) Important: rsync security update

2022-08-24 16:38:50

(RHSA-2022:6173) Important: rsync security update

2022-08-24 16:43:45

freebsd

rsync -- client-side arbitrary file write vulnerability

2022-08-02 00:00:00

openvas

Slackware: Security Advisory (SSA:2022-227-01)

2022-08-16 00:00:00

Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2023-2204)

2023-06-12 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2825-1)

2022-08-17 00:00:00

prion

Input validation

2022-08-02 15:15:00

amazon

Important: rsync

2022-10-31 19:40:00

broadcom

An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers.

2023-08-01 00:00:00

suse

Security update for rsync (important)

2022-09-01 00:00:00

Security update for rsync (important)

2022-08-16 00:00:00

Security update for rsync (important)

2022-08-31 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0430

2022-08-05 00:00:00

Important Photon OS Security Update - PHSA-2022-0223

2022-08-04 00:00:00

Important Photon OS Security Update - PHSA-2022-4.0-0223

2022-08-04 00:00:00

rocky

rsync security update

2022-08-24 17:04:49

rsync security update

2022-08-24 17:06:01

oraclelinux

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

rsync security update

2022-08-25 00:00:00

debiancve

CVE-2022-29154

2022-08-02 15:15:08

cloudfoundry

USN-5921-1: rsync vulnerabilities | Cloud Foundry

2023-03-23 00:00:00

githubexploit

Exploit for Improper Input Validation in Samba Rsync

2022-09-14 13:59:21

redos

ROS-20221216-02

2022-12-16 00:00:00

slackware

[slackware-security] rsync

2022-08-15 20:27:07

ubuntucve

CVE-2022-29154

2022-08-02 00:00:00

osv

CVE-2022-29154

2022-08-02 15:15:08

Important: rsync security update

2022-08-24 17:04:49

rsync vulnerabilities

2023-03-06 12:11:44

almalinux

Important: rsync security update

2022-08-24 00:00:00

cloudlinux

Fixed CVE-2022-29154 in rsync

2022-09-08 17:32:28

Fixed CVE-2022-29154 in rsync

2022-08-17 18:45:47

cvelist

CVE-2022-29154

2022-08-02 14:22:52

cve

CVE-2022-29154

2022-08-02 15:15:08

mageia

Updated rsync packages fix security vulnerability

2022-08-26 00:21:07

centos

rsync security update

2022-09-01 22:04:24

alpinelinux

CVE-2022-29154

2022-08-02 15:15:08

ubuntu

rsync vulnerabilities

2023-03-06 00:00:00

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]

2024-02-29 20:30:34

Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities (CVE-2022-29154, CVE-2022-0391)

2023-04-03 21:42:39

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities.

2022-11-09 18:42:35

rosalinux

Advisory ROSA-SA-2023-2230

2023-09-05 12:16:03

fedora

[SECURITY] Fedora 35 Update: rsync-3.2.5-1.fc35

2022-08-31 10:15:04

[SECURITY] Fedora 36 Update: rsync-3.2.5-1.fc36

2022-08-18 02:05:16

attackerkb

CVE-2019-6111

2019-01-31 00:00:00

gentoo

rsync: Multiple Vulnerabilities

2024-05-08 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for VERACODE:36629