A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-48 |
History
Fri, 06 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 06 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later | |
Title | Qsync Central | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: qnap
Published: 2024-12-06T16:35:52.266Z
Updated: 2024-12-06T19:28:37.668Z
Reserved: 2024-10-24T03:45:32.283Z
Link: CVE-2024-50404
Vulnrichment
Updated: 2024-12-06T19:28:34.543Z
NVD
Status : Received
Published: 2024-12-06T17:15:10.043
Modified: 2024-12-06T17:15:10.043
Link: CVE-2024-50404
Redhat
No data.