Samba Rsync 3.2.0

CPE Details

Samba Rsync 3.2.0
samba
rsync
3.2.0
2021-06-04
10h14 +00:00
2021-06-04
12h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*

Informations

Vendor

samba

Product

rsync

Version

3.2.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-29154 2022-08-02 12h22 +00:00 An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
7.4
High
CVE-2020-14387 2021-05-27 17h44 +00:00 A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.
7.4
High