CVE-2022-22686: CSRF
First published: Tue Jul 26 2022(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Calendar | <2.3.4-0631 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22686?
CVE-2022-22686 is a Cross-Site Request Forgery (CSRF) vulnerability in the webapi component in Synology Calendar before version 2.3.4-0631.
What is the severity of CVE-2022-22686?
CVE-2022-22686 has a severity rating of high (8 out of 10).
How does CVE-2022-22686 affect Synology Calendar?
CVE-2022-22686 allows remote authenticated users to hijack the authentication of administrators via unspecified vectors in Synology Calendar.
Is there a fix for CVE-2022-22686?
Yes, upgrading to Synology Calendar version 2.3.4-0631 or later will fix CVE-2022-22686.
Where can I find more information about CVE-2022-22686?
You can find more information about CVE-2022-22686 on the Synology website: https://www.synology.com/security/advisory/Synology_SA_20_07
- collector/nvd-index
- agent/weakness
- agent/event
- vendor/synology
- canonical/synology calendar