The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00077Percentile:
0.23673
CVSS Scoring
CVSS v2 Score: 4.6
Severity:
Affected Products
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:rsnapshot:filesystem_snapshot_utility:1.2:*:*:*:*:*:*:*
← Back to Home
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me