VDB
CVE-2024-52522
CVE-2024-52522
PUBLISHED
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.
EPSS 0.03% · 8.3th percentile
Risk Scores
EPSS Score
0.03%
8.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | rclone | 1.59.0 |
| Bitnami | rclone | 1.59.0 |
Timeline
- Jan 21, 1970 Security Advisory
- Nov 15, 2024 Coalition ESS Score
- Nov 15, 2024 CVE Published
- Nov 16, 2024 EPSS Score
- Nov 18, 2024 Coalition ESS Score
- Nov 21, 2024 CVE Updated
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 2, 2025 EPSS Score