Path Traversal Vulnerability in Synology Calendar Application
CVE-2022-27617
4.3MEDIUM
Summary
A path traversal vulnerability exists in the webapi component of Synology Calendar prior to version 2.3.4-0631, enabling authenticated users to access and download arbitrary files from the server. This misconfiguration allows potential exploitation through unspecified vectors, posing significant risks to sensitive data integrity and privacy.
Affected Version(s)
Synology Calendar < 2.3.4-0631
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved