Improper Preservation of Permissions Affecting rclone package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-RCLONE-8382437
- published 16 Nov 2024
- disclosed 15 Nov 2024
How to fix?
There is no fixed version for Debian:11 rclone.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rclone package and not the rclone package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.