Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-39301

Опубликовано: 03 нояб. 2023
Источник: nvd
CVSS3: 4.3
EPSS Низкий

Описание

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Версия до 5.1.1.2491 (исключая)
Конфигурация 2
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Версия до 5.0.1.2514 (исключая)
Конфигурация 3
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Версия до h5.1.1.2488 (исключая)
Конфигурация 4
cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Версия до h5.0.1.2515 (исключая)
Конфигурация 5
cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*
Версия до c5.1.0.2498 (исключая)

EPSS

Процентиль: 36%
0.00149
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

github логотип

GHSA-6295-9vm4-27hw

CVSS3: 4.3
github
больше 2 лет назад

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later

EPSS

Процентиль: 36%
0.00149
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-918