A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.2.0-NA"
},
{
"last_affected": "3.2.0-NA"
},
{
"introduced": "3.2.0-NA"
},
{
"last_affected": "3.2.0-NA"
}
],
"source": "CPE_STRING",
"vendor_product": "samba:rsync"
}
]
}{
"extracted_events": [
{
"introduced": "3.2.1"
},
{
"fixed": "3.2.4"
},
{
"introduced": "3.2.0-NA"
},
{
"last_affected": "3.2.0-NA"
},
{
"introduced": "3.2.0-pre1"
},
{
"last_affected": "3.2.0-pre1"
},
{
"introduced": "3.2.0-pre2"
},
{
"last_affected": "3.2.0-pre2"
},
{
"introduced": "3.2.0-pre3"
},
{
"last_affected": "3.2.0-pre3"
}
],
"cpe": [
"cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"cpe:2.3:a:samba:rsync:3.2.0:-:*:*:*:*:*:*",
"cpe:2.3:a:samba:rsync:3.2.0:pre1:*:*:*:*:*:*",
"cpe:2.3:a:samba:rsync:3.2.0:pre2:*:*:*:*:*:*",
"cpe:2.3:a:samba:rsync:3.2.0:pre3:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}