Bitnami package
rclone
pkg:bitnami/rclone
Vulnerabilities (4)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41179 | Critical | 9.8 | | >= 1.48.0, < 1.73.5 | 1.73.5 | Apr 23, 2026 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` i |
| CVE-2026-41176 | Critical | 9.8 | | >= 1.45.0, < 1.73.5 | 1.73.5 | Apr 23, 2026 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in v |
| CVE-2024-52522 | Medium | — | | >= 1.59.0, < 1.68.2 | 1.68.2 | Nov 15, 2024 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions o |
| CVE-2020-28924 | | — | | < 1.53.3 | 1.53.3 | Nov 19, 2020 | An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was s |