Path Traversal Vulnerability in Synology SSO Server Affects User File Security
CVE-2022-27620

4.9MEDIUM

Key Information:

Vendor: Synology
Status: Sso Server
Vendor: CVE Published:; 3 August 2022

What is CVE-2022-27620?

The Synology SSO Server prior to version 2.2.3-0331 has a Path Traversal vulnerability within its webapi component. This flaw allows remote authenticated users to bypass directory restrictions and gain access to arbitrary files on the server. By exploiting this vulnerability, unauthorized individuals can potentially retrieve sensitive information stored within the file system, posing a serious threat to user privacy and data integrity.

Affected Version(s)

SSO Server < 2.2.3-0331

References

https://www.synology.com/security/advisory/Synology_SA_22_13

x_refsource_CONFIRM

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 3, 2022
Vulnerability Reserved
Mar 21, 2022