Description

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.

INFO

Published Date :

2025-01-14T17:57:33.927Z

Last Modified :

2026-01-28T18:57:41.057Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12087 vulnerability.

Vendors Products
Almalinux
  • Almalinux
Archlinux
  • Arch Linux
Gentoo
  • Linux
Nixos
  • Nixos
Redhat
  • Discovery
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Arm 64
  • Enterprise Linux For Arm 64 Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux Server Aus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Update Services For Sap Solutions
  • Openshift
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Eus Long Life
  • Rhel Tus
Samba
  • Rsync
Suse
  • Suse Linux
Tritondatacenter
  • Smartos
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12087.

URL Resource
https://access.redhat.com/errata/RHSA-2025:23154 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23235 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23407 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23415 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23416 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23842 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23853 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23854 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:23858 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:2600 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:7050 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2025:8385 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-12087 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2330672 cve-icon cve-icon
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj cve-icon cve-icon
https://kb.cert.org/vuls/id/952657 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-12087 cve-icon
https://security.netapp.com/advisory/ntap-20250131-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-12087 cve-icon
https://www.kb.cert.org/vuls/id/952657 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact