CVE-2022-27620: Path Traversal
First published: Wed Aug 03 2022(Updated: )
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology SSO Server | <2.2.3-0331 | |
| Synology DiskStation Manager | =6.2 | |
| Synology DiskStation Manager | =7.0 | |
| Synology DiskStation Manager | =7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-27620.
What is the severity of CVE-2022-27620?
The severity of CVE-2022-27620 is medium (4.9).
What software is affected by CVE-2022-27620?
Synology SSO Server versions before 2.2.3-0331 are affected by CVE-2022-27620.
How does CVE-2022-27620 affect remote authenticated users?
CVE-2022-27620 allows remote authenticated users to read arbitrary files.
Is there a fix available for CVE-2022-27620?
Yes, it is recommended to update Synology SSO Server to version 2.2.3-0331 to fix CVE-2022-27620.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology sso server
- canonical/synology diskstation manager
- version/synology diskstation manager/6.2
- version/synology diskstation manager/7.0
- version/synology diskstation manager/7.1