VDB

CVE-2024-52522

CVE-2024-52522 PUBLISHED

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.

EPSS 0.03% · 8.3th percentile

Risk Scores

EPSS Score
0.03%
8.3th percentile

Affected Products

VendorProductVersions
Bitnamirclone1.59.0
Bitnamirclone1.59.0

Timeline

  • Jan 21, 1970 Security Advisory
  • Nov 15, 2024 Coalition ESS Score
  • Nov 15, 2024 CVE Published
  • Nov 16, 2024 EPSS Score
  • Nov 18, 2024 Coalition ESS Score
  • Nov 21, 2024 CVE Updated
  • Dec 5, 2024 EPSS Score
  • Dec 22, 2024 EPSS Score
  • Jan 9, 2025 EPSS Score
  • Jan 26, 2025 EPSS Score
  • Feb 13, 2025 EPSS Score
  • Mar 2, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›