CVE-2024-12088

Rsync: --safe-links option bypass leads to path traversal

Description

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

INFO

Published Date :

2025-01-14T17:38:34.890Z

Last Modified :

2026-01-28T18:57:42.445Z

Source :

redhat

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12088 vulnerability.

Vendors	Products
Almalinux	Almalinux
Archlinux	Arch Linux
Gentoo	Linux
Nixos	Nixos
Novell	Suse Linux
Redhat	Discovery Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Arm 64 Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Update Services For Sap Solutions Openshift Openshift Container Platform
Samba	Rsync
Tritondatacenter	Smartos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12088.

URL	Resource
https://access.redhat.com/errata/RHSA-2025:2600
https://access.redhat.com/errata/RHSA-2025:7050
https://access.redhat.com/errata/RHSA-2025:8385
https://access.redhat.com/security/cve/CVE-2024-12088
https://bugzilla.redhat.com/show_bug.cgi?id=2330676
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
https://kb.cert.org/vuls/id/952657
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2024-12088
https://security.netapp.com/advisory/ntap-20250131-0002/
https://www.cve.org/CVERecord?id=CVE-2024-12088
https://www.kb.cert.org/vuls/id/952657

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact