Cloudflare octorpki
cpe:2.3:a:cloudflare:octorpki:*:*:*:*:*:*:*
- < v1.4.0
A local privilege escalation vulnerability exists in Cloudflare Octorpki versions prior to 1.4.0. When copying files with rsync, Octorpki uses the '-a' (archive) flag, which preserves file modes, so binaries are transferred as root with the SUID bit still set. Combined with another vulnerability that leads Octorpki to process a malicious TAL file, this misconfiguration could create a vector for local privilege escalation.
Exploitation of this vulnerability could lead to unauthorized elevation of privileges, allowing a user to gain root access.
Users can upgrade to Octorpki version 1.4.2 or later to address this vulnerability.
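To check whether a directory populated by rsync already holds files with set-id bits, the script below lists them and clears the bits. It is an added example, not code from Cloudflare or Octorpki, and the directory argument is a placeholder for wherever your deployment stores rsync-fetched data.

```shell
#!/bin/sh
# Added example: audit an rsync destination tree for setuid/setgid files.
# The directory passed as $1 is a placeholder; this is not Octorpki's own path.

# Print the path of every regular file under $1 that carries the
# setuid (4000) or setgid (2000) bit. -xdev keeps find on one filesystem.
audit_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Number of set-id files under $1, as a bare integer.
count_setid() {
    audit_setid "$1" | wc -l | tr -d ' '
}

# Long listing (numeric owner, mode) of the set-id files, for triage:
# a root-owned file with the setuid bit is the case the advisory describes.
report_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ln {} +
}

# Clear setuid and setgid on every regular file under $1,
# leaving the remaining permission bits untouched.
strip_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} +
}

# Stand-alone use: ./audit.sh /path/to/rsync/destination
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    n=$(count_setid "$1")
    echo "set-id files under $1: $n"
    if [ "$n" -gt 0 ]; then
        report_setid "$1"
        strip_setid "$1"
        echo "remaining after strip: $(count_setid "$1")"
    fi
fi
```

Any hit in a directory that should only contain fetched repository data is worth investigating before the bits are cleared, since the listing shows which owner the file would run as.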