Cross-Site Request Forgery in Synology Calendar
CVE-2022-22686

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Synology Calendar
Vendor: CVE Published:; 26 July 2022

What is CVE-2022-22686?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631. This flaw allows remote authenticated users to potentially hijack the authentication of administrators through unspecified methods, compromising the administration of the calendar service.

Affected Version(s)

Synology Calendar < 2.3.4-0631

References

https://www.synology.com/security/advisory/Synology_SA_20_07

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
Jan 5, 2022