Description
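Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter. The structured record below lists more than the DSM 6.2 branch: DSM 6.1 before 6.1.7-15284-2, DSM 5.2 and 6.0, SkyNAS and VS960HD are also marked vulnerable, so check each of these against the vendor advisory (Synology_SA_18_36) rather than relying on the 6.2 fix version alone.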
Affected Software
{"id": "CVE-2018-13281", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2018-13281", "description": "Information exposure vulnerability in SYNO.Core.ACL in Synology DiskStation Manager (DSM) before 6.2-23739-2 allows remote authenticated users to determine the existence and obtain the metadata of arbitrary files via the file_path parameter.", "published": "2018-10-31T16:29:00", "modified": "2019-10-09T23:34:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13281", "reporter": "security@synology.com", "references": ["https://www.synology.com/en-global/support/security/Synology_SA_18_36"], "cvelist": ["CVE-2018-13281"], "immutableFields": [], "lastseen": "2022-03-23T12:52:21", "viewCount": 11, "enchantments": {"dependencies": {}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 5.2}, "_state": {"dependencies": 1659859605, "score": 1659805755, "affected_software_major_version": 1671579166}, "_internal": 
{"score_hash": "02e1067cef2a1fff41afd9ad81b08133"}, "cna_cvss": {"cna": "Synology Inc.", "cvss": {"3": {"vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "score": 4.3}}}, "cpe": ["cpe:/a:synology:diskstation_manager:5.2", "cpe:/a:synology:diskstation_manager:6.0", "cpe:/a:synology:skynas:-", "cpe:/a:synology:vs960hd:-"], "cpe23": ["cpe:2.3:a:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:synology:diskstation_manager:6.0:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "affectedSoftware": [{"cpeName": "synology:diskstation_manager", "version": "6.0", "operator": "eq", "name": "synology diskstation manager"}, {"cpeName": "synology:vs960hd", "version": "-", "operator": "eq", "name": "synology vs960hd"}, {"cpeName": "synology:skynas", "version": "-", "operator": "eq", "name": "synology skynas"}, {"cpeName": "synology:diskstation_manager", "version": "6.1.7-15284-2", "operator": "lt", "name": "synology diskstation manager"}, {"cpeName": "synology:diskstation_manager", "version": "6.2-23739-2", "operator": "lt", "name": "synology diskstation manager"}, {"cpeName": "synology:diskstation_manager", "version": "5.2", "operator": "eq", "name": "synology diskstation manager"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.1.7-15284-2:*:*:*:*:*:*:*", "versionStartIncluding": "6.1", "versionEndExcluding": "6.1.7-15284-2", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": 
"cpe:2.3:a:synology:diskstation_manager:6.2-23739-2:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.2-23739-2", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_36", "name": "https://www.synology.com/en-global/support/security/Synology_SA_18_36", "refsource": "CONFIRM", "tags": ["Vendor Advisory"]}]}
{}