How severe is CVE-2024-12086?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2024-12086?

This is classified as CWE-390, which is a common weakness in software security.

CVE-2024-12086 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

Related Vulnerabilities

CVE-2017-7485

MEDIUM

CVSS:5.9(Medium)

In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection...

CWE-3902017

CVE-2024-11942

MEDIUM

CVSS:5.9(Medium)

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

CWE-3902024

CVE-2025-25204

MEDIUM

CVSS:6.3(Medium)

`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` c...

CWE-3902025

CVE-2024-20316

MEDIUM

CVSS:5.8(Medium)

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured ...

CWE-3902024

CVE-2025-26465

MEDIUM

CVSS:6.8(Medium)

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs...

CWE-3902025

CVE-2024-30255

MEDIUM

CVSS:5.3(Medium)

Envoy is a cloud-native, open source edge and service proxy. The HTTP/2 protocol stack in Envoy versions prior to 1.29.3, 1.28.2, 1.27.4, and 1.26.8 are vulnerable to CPU exhaustion due to flood of CO...

CWE-3902024