First published: Thu May 09 2019(Updated: )
Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Calendar | <2.3.3-0620 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11820 is an information exposure through process environment vulnerability in Synology Calendar before version 2.3.3-0620.
The severity of CVE-2019-11820 is medium with a CVSS score of 5.5.
CVE-2019-11820 allows local users to obtain credentials via the command line in Synology Calendar.
To fix CVE-2019-11820, ensure that you have updated to the latest version of Synology Calendar, specifically version 2.3.3-0620 or higher.
You can find more information about CVE-2019-11820 in the Synology security advisory Synology_SA_19_21 at https://www.synology.com/security/advisory/Synology_SA_19_21.