CVE-2021-3978 Information

Description

When copying files with rsync, octorpki uses the -a flag, which makes rsync preserve the setuid bit on copied binaries; because the receiving rsync runs as root, -a also preserves ownership, so a root-owned setuid binary in a remote repository is reproduced as such in the local cache. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ), this could provide a vector for local privilege escalation when combined with another vulnerability that causes octorpki to process a malicious TAL file.
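The following shell script is an added example, not code from cfrpki or the advisory. On constructed input (a fake remote repository containing one setuid file) it shows the `rsync -a` invocation described above carrying the setuid bit into the cache, a hardened invocation that strips it, and a small audit that counts setuid/setgid files under a cache directory. The hardened flag set and the helper names are this example's assumptions, not the project's fix; `mode_of` assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example, not cfrpki's own code. Reproduces the rsync -a setuid issue on
# constructed input and shows a hardened copy plus a cache audit. The hardened
# flags are an assumption of this example, not the project's fix.
set -eu

# Constructed input: a "remote" repository with one setuid file.
make_repo() {
    mkdir -p "$1"
    printf '#!/bin/sh\nid\n' > "$1/evil"
    chmod 4755 "$1/evil"      # setuid + rwxr-xr-x
}

# Vulnerable pattern: -a expands to -rlptgoD. -p reproduces setuid/setgid bits,
# and -o/-g reproduce owner/group whenever the receiving rsync runs as root,
# so a root-owned 4755 file upstream becomes a root-owned 4755 file locally.
sync_unsafe() {
    rsync -a "$1/" "$2/"
}

# Hardened pattern (assumed flags): keep recursion, symlinks and mtimes, turn
# off owner/group/permission preservation, and force a fixed non-executable
# mode on files. --safe-links additionally drops symlinks that escape the tree.
sync_hardened() {
    rsync -rlt --safe-links --no-perms --no-owner --no-group \
        --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$1/" "$2/"
}

# Cache audit: number of setuid or setgid files below a directory. Run it
# against the cache directory to detect a repository that shipped one.
count_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | wc -l | tr -d ' '
}

# Octal mode of a file, including the special bits (GNU coreutils stat).
mode_of() {
    stat -c %a "$1"
}

# Stand-alone demonstration: sh example.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_repo "$tmp/repo"
    sync_unsafe "$tmp/repo" "$tmp/cache_unsafe"
    sync_hardened "$tmp/repo" "$tmp/cache_hardened"
    echo "unsafe:   mode $(mode_of "$tmp/cache_unsafe/evil"), setuid files: $(count_setuid "$tmp/cache_unsafe")"
    echo "hardened: mode $(mode_of "$tmp/cache_hardened/evil"), setuid files: $(count_setuid "$tmp/cache_hardened")"
    rm -rf "$tmp"
fi
```

Stripping the bits on the rsync side only addresses the copy step; the more important change is to stop running the service as root in the first place, for example by setting `User=` (or `DynamicUser=`) in the systemd unit and mounting the cache directory `nosuid`, so that a setuid file in the cache is neither root-owned nor honoured by the kernel. Those are general hardening measures, not a description of the project's own fix.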

Reference

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-3pqh-p72c-fj85
