CVE-2022-27618: Path Traversal
First published: Wed Aug 03 2022(Updated: )
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Storage Analyzer | <2.1.0-0390 | |
| Synology DiskStation Manager | =7.0 | |
| Synology DiskStation Manager | =7.1 | |
| Synology Storage Analyzer | <2.0.1-0214 | |
| Synology DiskStation Manager | =6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-27618?
CVE-2022-27618 refers to a 'Path Traversal' vulnerability in the webapi component in Synology Storage Analyzer before version 2.1.0-0390, which allows remote authenticated users to delete arbitrary files.
How does CVE-2022-27618 impact Synology Storage Analyzer?
CVE-2022-27618 impacts Synology Storage Analyzer by allowing remote authenticated users to delete arbitrary files.
Which versions of Synology Storage Analyzer are affected by CVE-2022-27618?
Versions up to and excluding 2.1.0-0390 of Synology Storage Analyzer are affected by CVE-2022-27618.
What is the severity of CVE-2022-27618?
CVE-2022-27618 has a severity rating of 6.5 (medium).
How can the CVE-2022-27618 vulnerability be fixed?
To fix the CVE-2022-27618 vulnerability, users should update Synology Storage Analyzer to version 2.1.0-0390 or later.
- collector/nvd-index
- vendor/synology
- canonical/synology storage analyzer
- canonical/synology diskstation manager
- version/synology diskstation manager/7.0
- version/synology diskstation manager/7.1
- version/synology diskstation manager/6.2