CVE-2022-27622 — Server-Side Request Forgery in Synology Diskstation Manager

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

CNA4.1

EPSS

0.1%

top 65.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Synology Diskstation Manager

Timeline

PublishedOct 25

Description

Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5synology/diskstation_managerunspecified — 7.1-42661

▶NVDsynology/diskstation_manager< 7.1-42661

🔴Vulnerability Details

GHSA

GHSA-crr9-3x94-m79r: Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7↗2022-10-25

▶

CVEList

CVE-2022-27622: Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7↗2022-10-25

▶