CVE-2018-13281Sensitive Information Exposure in Synology Diskstation Manager

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 67.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedOct 31
Latest updateMay 13

Description

Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified6.2-23739-2
NVDsynology/diskstation_manager6.16.1.7-15284-2+3

🔴Vulnerability Details

2
GHSA
GHSA-fp4v-57rw-9h95: Information exposure vulnerability in SYNO2022-05-13
CVEList
CVE-2018-13281: Information exposure vulnerability in SYNO2018-10-31
CVE-2018-13281 — Sensitive Information Exposure | cvebase