CVE-2018-13291 — Sensitive Information Exposure in Synology Diskstation Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 67.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager

Timeline

PublishedApr 1

Latest updateMay 13

Description

Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to obtain sensitive information via the world readable configuration.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5synology/diskstation_managerunspecified — 6.2.1-23824

▶NVDsynology/diskstation_manager5.2 — 6.2.1-23824

🔴Vulnerability Details

GHSA

GHSA-r9w9-5fvc-mjjw: Information exposure vulnerability in /usr/syno/etc/mount↗2022-05-13

▶

CVEList

CVE-2018-13291: Information exposure vulnerability in /usr/syno/etc/mount↗2019-04-01

▶