Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
History

Wed, 18 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Dec 2024 06:15:00 +0000

Type Values Removed Values Added
Description Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: synology

Published: 2024-12-18T06:00:18.463Z

Updated: 2024-12-18T16:21:15.401Z

Reserved: 2024-05-03T08:17:45.842Z

Link: CVE-2024-4464

cve-icon Vulnrichment

Updated: 2024-12-18T16:20:56.230Z

cve-icon NVD

Status : Received

Published: 2024-12-18T06:15:23.587

Modified: 2024-12-18T06:15:23.587

Link: CVE-2024-4464

cve-icon Redhat

No data.