CVE-2024-52522
published 2024-11-15
CVE-2024-52522: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and…
Priority P4 · 25 · medium · 5.4 · CVSS 4.0
EPSS: 0.21% (11.7th percentile)
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rclone | < rclone 1.69.3+dfsg-2 (forky) | rclone 1.69.3+dfsg-2 (forky) |
| github.com | rclone_rclone | >= 1.59.0 < 1.68.2 | 1.68.2 |
| rclone | rclone | — | — |
| rclone | rclone | >= 0 < 1.69.3+dfsg-2 | 1.69.3+dfsg-2 |
CVSS provenance
nvd: v4.0, 5.4 MEDIUM, CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv: 5.4 MEDIUM
vendor_debian: 5.4 MEDIUM
vendor_redhat: 5.4 MEDIUM
OSV
Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone
osv·2024-11-19
CVE-2024-52522 Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata in github.com/rclone/rclone
GHSA
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
ghsa·2024-11-19
CVE-2024-52522 [MEDIUM] CWE-281 Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
### **tl;dr:**
An unprivileged user creates a symlink to /etc/sudoers, /etc/shadow or similar and waits for a privileged user or process to copy/backup/mirror the user's data (using `--links` and `--metadata`). The unprivileged user now owns /etc/sudoers.
### Summary
Insecure handling of symlinks with `--links` and `--metadata` in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files (e.g., /etc/shadow), compromising system integrity, confidentiality, and availabilit
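A pre-flight check an operator could run on a user-writable source tree before a privileged copy with `--links` and `--metadata`. This is an added example, not rclone code or part of the advisory; the function name `risky_symlinks`, the two heuristics (absolute link text, or a relative link that resolves outside the tree) and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile


def risky_symlinks(root):
    """Return sorted (link, link_text, reason) tuples for symlinks under root
    whose target lies outside the tree being copied."""
    root_real = os.path.realpath(root)
    findings = []
    # os.walk does not descend into symlinked directories by default,
    # but it still lists them in dirnames, so both lists are checked.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            text = os.readlink(path)           # what the link literally says
            resolved = os.path.realpath(path)  # where it ends up today
            if os.path.isabs(text):
                # An absolute link names the same file after the copy too.
                reason = "absolute target"
            elif os.path.commonpath([root_real, resolved]) != root_real:
                reason = "relative target escapes tree"
            else:
                continue
            findings.append((os.path.relpath(path, root), text, reason))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it. Nothing outside the
    temporary directory is read or modified; the links are only created."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "home", "user")
        os.makedirs(os.path.join(src, "docs"))
        open(os.path.join(src, "docs", "notes.txt"), "w").close()
        os.symlink("/etc/sudoers", os.path.join(src, "innocent.txt"))
        os.symlink("../../outside", os.path.join(src, "docs", "up"))
        os.symlink("notes.txt", os.path.join(src, "docs", "alias"))  # benign
        return risky_symlinks(src)


if __name__ == "__main__":
    for link, text, reason in demo():
        print(f"{link} -> {text}: {reason}")
```

A non-empty result is a reason to hold the privileged copy or run it without `--metadata` until the links are reviewed; upgrading to the fixed release (1.68.2) remains the actual remedy.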
OSV
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
osv·2024-11-19
CVE-2024-52522 [MEDIUM] Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
OSV
CVE-2024-52522: Rclone is a command-line program to sync files and directories to and from different cloud storage providers
osv·2024-11-15·CVSS 5.4
CVE-2024-52522 [MEDIUM] CVE-2024-52522: Rclone is a command-line program to sync files and directories to and from different cloud storage providers
Red Hat
rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata
vendor_redhat·2024-11-15·CVSS 5.4
CVE-2024-52522 [MEDIUM] CWE-281 rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata
A security issue was found in Rclone. Insecure handling of symlinks with `--links` and `--metadata` while copying to the l
Debian
CVE-2024-52522: rclone - Rclone is a command-line program to sync files and directories to and from diffe...
vendor_debian·2024·CVSS 5.4
CVE-2024-52522 [MEDIUM] CVE-2024-52522: rclone - Rclone is a command-line program to sync files and directories to and from diffe...
Scope: local
bookworm: open
bullseye: resolved
forky: resolved (fixed in 1.69.3+dfsg-2)
sid: resolved (fixed in 1.69.3+dfsg-2)
trixie: open
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-15