Search for vulnerabilities
Vulnerability details: VCID-33zd-f2rq-aaas
Vulnerability ID VCID-33zd-f2rq-aaas
Aliases CVE-2022-29154
Summary CVE-2022-29154 rsync: remote arbitrary files write inside the directories of connecting peers
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-862 Missing Authorization
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:6170
rhas Important https://access.redhat.com/errata/RHSA-2022:6171
rhas Important https://access.redhat.com/errata/RHSA-2022:6172
rhas Important https://access.redhat.com/errata/RHSA-2022:6173
rhas Important https://access.redhat.com/errata/RHSA-2022:6180
rhas Important https://access.redhat.com/errata/RHSA-2022:6181
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29154.json
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00283 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.00302 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
epss 0.02166 https://api.first.org/data/v1/epss?cve=CVE-2022-29154
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2110928
cvssv3.1 8.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29154
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2022-29154
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29154.json
https://api.first.org/data/v1/epss?cve=CVE-2022-29154
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/WayneD/rsync/tags
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/
http://www.openwall.com/lists/oss-security/2022/08/02/1
1016543 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016543
2110928 https://bugzilla.redhat.com/show_bug.cgi?id=2110928
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-29154 https://nvd.nist.gov/vuln/detail/CVE-2022-29154
GLSA-202405-22 https://security.gentoo.org/glsa/202405-22
RHSA-2022:6170 https://access.redhat.com/errata/RHSA-2022:6170
RHSA-2022:6171 https://access.redhat.com/errata/RHSA-2022:6171
RHSA-2022:6172 https://access.redhat.com/errata/RHSA-2022:6172
RHSA-2022:6173 https://access.redhat.com/errata/RHSA-2022:6173
RHSA-2022:6180 https://access.redhat.com/errata/RHSA-2022:6180
RHSA-2022:6181 https://access.redhat.com/errata/RHSA-2022:6181
RHSA-2022:6551 https://access.redhat.com/errata/RHSA-2022:6551
USN-5921-1 https://usn.ubuntu.com/5921-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29154.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29154
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32155
EPSS Score 0.00069
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.