Synology Drive Client vulnerability allows remote access to sensitive information
CVE-2022-49037

6.5MEDIUM

Key Information:

Vendor: Synology
Status: Synology Drive Client
Vendor: CVE Published:; 26 September 2024

Summary

The Synology Drive Client contains a vulnerability in the proxy settings component that enables the insertion of sensitive information into log files. This flaw allows remote authenticated users to access potentially sensitive data through unspecified vectors before version 3.3.0-15082. Proper security measures should be taken to mitigate the risk associated with this issue.

Affected Version(s)

Synology Drive Client *

References

https://www.synology.com/en-global/security/advisory/Syno...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Zhao Runzi (赵润梓)