216.73.216.86

CVE-2024-52522

· Published 15/11/2024 18:15 · Modified 21/11/2024 15:15

Labels: CVE-2024-52522 2024-11-15CVE-2024-52522CWE-281CWE-59[email protected]

Essential information

Published
15/11/2024 18:15
Modified
21/11/2024 15:15
Author
Creator
CISA KEV
No
CWE

Description

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References