CVE-2023-39299Path Traversal in Systems INC Music Station

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 67.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC Music StationQnap Music Station
Timeline
PublishedNov 3

Description

A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDqnap/music_station4.8.04.8.11+2
CVEListV5qnap_systems_inc/music_station4.8.x4.8.11+2

🔴Vulnerability Details

2
GHSA
GHSA-227v-m6p6-j6gx: A path traversal vulnerability has been reported to affect Music Station2023-11-03
CVEList
Music Station2023-11-03
CVE-2023-39299 — Path Traversal | cvebase