CVE-2026-43617
MEDIUM 4.8 | EPSS 0.01% | Published: 2026/5/20 | Modified: 2026/5/20
Also known as: ALPINE-CVE-2026-43617
Description
Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN.
Affected packages (2)
- Alpine/rsync: from 0, < 3.4.3-r0
- Debian/rsync: from 0, < 3.2.3-4+deb11u4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |