Search for vulnerabilities
Vulnerability details: VCID-x77p-r1ja-kuem
Vulnerability ID VCID-x77p-r1ja-kuem
Aliases CVE-2024-12088
Summary A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-35 Path Traversal: '.../...//'
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2025:2600
ssvc Track https://access.redhat.com/errata/RHSA-2025:2600
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2025:7050
ssvc Track https://access.redhat.com/errata/RHSA-2025:7050
cvssv3.1 6.5 https://access.redhat.com/errata/RHSA-2025:8385
ssvc Track https://access.redhat.com/errata/RHSA-2025:8385
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2024-12088
ssvc Track https://access.redhat.com/security/cve/CVE-2024-12088
ssvc Track https://access.redhat.com/security/cve/CVE-2024-12088
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00114 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.0014 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
epss 0.0052 https://api.first.org/data/v1/epss?cve=CVE-2024-12088
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2330676
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2330676
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2330676
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://kb.cert.org/vuls/id/952657
ssvc Track https://kb.cert.org/vuls/id/952657
ssvc Track https://kb.cert.org/vuls/id/952657
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-12088
archlinux Critical https://security.archlinux.org/AVG-2858
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json
https://api.first.org/data/v1/epss?cve=CVE-2024-12088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
2330676 https://bugzilla.redhat.com/show_bug.cgi?id=2330676
952657 https://kb.cert.org/vuls/id/952657
ASA-202501-1 https://security.archlinux.org/ASA-202501-1
AVG-2858 https://security.archlinux.org/AVG-2858
cpe:2.3:a:redhat:discovery:1.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:discovery:1.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*
cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
cpe:/a:redhat:discovery:1.14::el9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:openshift:4 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
CVE-2024-12088 https://access.redhat.com/security/cve/CVE-2024-12088
CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088
GLSA-202501-01 https://security.gentoo.org/glsa/202501-01
RHSA-2025:2600 https://access.redhat.com/errata/RHSA-2025:2600
RHSA-2025:7050 https://access.redhat.com/errata/RHSA-2025:7050
RHSA-2025:8385 https://access.redhat.com/errata/RHSA-2025:8385
USN-7206-1 https://usn.ubuntu.com/7206-1/
USN-7206-3 https://usn.ubuntu.com/7206-3/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2025:2600
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://access.redhat.com/errata/RHSA-2025:2600
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2025:7050
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://access.redhat.com/errata/RHSA-2025:7050
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2025:8385
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://access.redhat.com/errata/RHSA-2025:8385
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/security/cve/CVE-2024-12088
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:59:33Z/ Found at https://access.redhat.com/security/cve/CVE-2024-12088
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://access.redhat.com/security/cve/CVE-2024-12088
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330676
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:59:33Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330676
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2330676
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://kb.cert.org/vuls/id/952657
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/ Found at https://kb.cert.org/vuls/id/952657
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T14:59:33Z/ Found at https://kb.cert.org/vuls/id/952657
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-12088
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.17624
EPSS Score 0.00045
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
2024-12-18T04:08:53.336068+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 35.0.0