CVE-2024-0854

Опубликовано: 24 янв. 2024

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.

Ссылки

https://www.synology.com/en-global/security/advisory/Synology_SA_24_02
Vendor Advisory
https://www.synology.com/en-global/security/advisory/Synology_SA_24_02
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*

Версия до 7.2.1-69057-2 (исключая)

EPSS

Процентиль: 40%

0.00178

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-g7r3-jg9w-238c

CVSS3: 4.1

github

около 2 лет назад

URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.