Browse all 4 CVE security advisories affecting bareos. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Bareos serves as an open-source network backup solution designed for data protection and recovery across diverse IT environments. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been widely documented, the project maintains a moderate CVE count with four currently recorded issues. Security characteristics include regular updates and community-driven patching, though deployments require careful hardening to mitigate risks associated with its web interface and network communication protocols.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45044 | Bareos's negative command ACLs can be circumvented by abbreviating commands — bareosCWE-285 | 8.8 | High | 2024-09-10 |
| CVE-2022-24756 | Missing Release of Memory after Effective Lifetime in Bareos Director — bareosCWE-401 | 7.5 | High | 2022-03-15 |
| CVE-2022-24755 | Incorrect Authorization in Bareos Director — bareosCWE-863 | 8.1 | High | 2022-03-15 |
| CVE-2020-4042 | Authentication bypass in Bareos — bareosCWE-294 | 6.8 | Medium | 2020-07-10 |
This page lists every published CVE security advisory associated with bareos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.