CVE-2018-12907 in Rcloneinfo

Summary

In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server, aka a "RESTLESS" issue.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/27/2018

Disclosure

06/27/2018

Moderation

VulDB entry created

Entries

VDB-120020 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

7.4

EPSS

0.00316

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-12907
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-12907
CVE Details	https://www.cvedetails.com/cve/CVE-2018-12907/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!