Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.6 views

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS6.6AI score0.00142EPSS
Exploits0
OSV
OSV
added 2025/01/29 10:15 a.m.10 views

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

5.5CVSS7.4AI score
Exploits0References1
NVD
NVD
added 2025/01/29 10:15 a.m.13 views

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS0.00142EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/01/29 10:15 a.m.9 views

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS7.1AI score0.00142EPSS
Exploits0References2
Circl
Circl
added 2025/01/29 10:7 a.m.8 views

CVE-2021-3978

creationtimestamp| type| source ---|---|--- 2025-01-29 10:07:48+00:00| seen| https://infosec.exchange/users/cve/statuses/113911088253196556 2025-01-29 11:18:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3372 2025-01-29 13:10:48+00:00| seen|...

7.5CVSS7.1AI score0.00142EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/29 10:0 a.m.6 views

CVE-2021-3978 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS7.5AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/29 10:0 a.m.18 views

CVE-2021-3978 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS0.00142EPSS
Exploits0References1
CVE
CVE
added 2025/01/29 10:0 a.m.86 views

CVE-2021-3978

CVE-2021-3978 affects Cloudflare CFRPKI’s octorpki. The root cause is that copying files with rsync uses the “-a” flag 0, causing binaries with the SUID bit to be copied as root. The service definition defaults to root, creating a potential local privilege escalation vector if a malicious TAL fil...

7.5CVSS7.4AI score0.00142EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2025/01/29 10:0 a.m.8 views

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...

7.5CVSS7.2AI score0.00142EPSS
Exploits0
Rows per page
Query Builder