Headline
CVE-2022-22686: Synology_SA_20_07 | Synology Inc.
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Abstract
Multiple vulnerabilities allow remote authenticated users to download arbitrary files or hijack the authentication of administrators via a susceptible version of Synology Calendar.
Affected Products
Product                        | Severity | Fixed Release Availability
Synology Calendar for DSM 6.2  | Moderate | Upgrade to 2.3.4-0631 or above.
Mitigation
None
Detail
- CVE-2022-22686
- Severity: Moderate
- CVSS3 Base Score: 6.5
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
- Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Acknowledgement
Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi’anxin Group
Revision
Revision | Date       | Description
1        | 2020-04-29 | Initial public release.
2        | 2022-07-26 | Disclosed vulnerability details.