MediumPublic exploit

Rsync server leaks arbitrary client files

IdentifiersCVE-2024-12086CWE-390· Detection of Error Condition…

CVE-2024-12086 is an information disclosure vulnerability in rsync affecting upstream versions through 3.3.0. During client-to-server transfers, the rsync protocol has the server send checksum values to the client so the client can determine what data must be transmitted. A malicious rsync server can abuse this behavior by supplying specially crafted checksum values referencing arbitrary client-side files. By observing the client’s responses, the server can infer and reconstruct the contents of those files byte-by-byte. The issue therefore allows a hostile server a client connects to for upload/synchronization to enumerate and recover arbitrary files from the client machine.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation results in unauthorized disclosure of arbitrary files from the rsync client system to a malicious server. The primary impact is confidentiality loss: sensitive local files accessible to the client process may be reconstructed remotely byte-by-byte. Available information indicates no direct integrity or availability impact from this CVE alone.

Mitigation

If you can’t patch tonight, do this now.

The available content states that acceptable mitigations or workarounds are not available under Red Hat product security criteria. Where immediate patching is not possible, reduce exposure by avoiding connections from rsync clients to untrusted or attacker-controlled rsync servers, and restrict use of rsync for client-to-server transfers to trusted endpoints only.

Remediation

Patch, then assume compromise.

Upgrade rsync to a fixed release. The provided content indicates affected upstream versions are 3.3.0 and earlier, and broader vendor guidance recommends updating to rsync 3.4.0 or later / installing patched distribution packages. For enterprise distributions, apply the vendor-supplied rsync updates for affected products such as RHEL 8/9/10 and dependent platforms.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

AlmalinuxAlmalinuxoperating_system

ArchlinuxArch Linuxoperating_system

GentooLinuxoperating_system

HPE Aruba NetworkingManagement Software (Airwave)application

NixosNixosoperating_system

Red HatEnterprise Linuxoperating_system

Red HatOpenshift Container Platformapplication

SambaRsyncapplication

SuseSuse Linuxoperating_system

TritondatacenterSmartosoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

support hpeNews

Nov 18, 2025

HPESBNW04971 rev.1 - HPE Aruba Networking Management Software (AirWave), Multiple Vulnerabilities

One of a set of Rsync daemon vulnerabilities (Rsync <= 3.3.0) that can contribute to remote code execution, directory traversal, and/or sensitive information disclosure.

sysdig blogNews

Jan 17, 2025

Detecting and mitigating CVE-2024-12084: rsync remote code execution

An information leak vulnerability in rsync.

almalinuxNews

Jan 17, 2025

AlmaLinux OS - Forever-Free Enterprise-Grade Operating System

An rsync client vulnerability that allows a malicious server to read arbitrary files.

kyberturvallisuuskeskus alertsNews

Jan 16, 2025

Kriittinen rsync-haavoittuvuus vaatii välitöntä korjausta | Traficom

One of several additional vulnerabilities in the Rsync server implementation for which the Rsync project released fixes.

+2 more in the timeline

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity2