CVE-2020-14387

Name of the Vulnerable Software and Affected Versions rsync versions 3.2.0pre1 through 3.2.3

Description A flaw in rsync improperly validates certificates, allowing a host mismatch vulnerability. This could enable a remote, unauthenticated attacker to perform a man-in-the-middle attack using a valid certificate for another hostname, compromising the confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this issue is to data confidentiality and integrity.

Recommendations For rsync versions 3.2.0pre1 through 3.2.3, update to version 3.2.4 or later to resolve the issue.