CVE-2023-23365

CWE-22Path TraversalCWE-552Files Accessible to External Parties3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 64.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Music StationQnap Music Station
Timeline
PublishedOct 6

Description

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages2 packages

NVDqnap/music_station5.3.05.3.22
CVEListV5qnap_systems_inc./music_station5.3.x5.3.22

🔴Vulnerability Details

2
GHSA
GHSA-95pq-fvwq-w4hv: A path traversal vulnerability has been reported to affect Music Station2023-10-06
CVEList
Music Station2023-10-06
CVE-2023-23365 (MEDIUM CVSS 6.5) | A path traversal vulnerability has | cvebase.io