nvd, NVD:CVE-2023-39301
Nov 03, 2023 - 5:15 p.m.

CVE-2023-39301

2023-11-03 17:15:08
CWE-918
web.nvd.nist.gov
Tags: ssrf, qnap, operating system, vulnerability, authenticated users, network, qts, quts, qutscloud, fixed, cve-2023-39301

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score: 4.3
Confidence: High

EPSS: 0
Percentile: 14.0%

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later

Affected configurations

Nvd
Node: qnap qts, Range < 5.1.1.2491
Node: qnap qts, Range < 5.0.1.2514
Node: qnap quts_hero, Range < h5.1.1.2488
Node: qnap quts_hero, Range < h5.0.1.2515
Node: qnap qutscloud, Range < c5.1.0.2498

Vendor | Product | Version | CPE
qnap | qts | * | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
qnap | quts_hero | * | cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
qnap | qutscloud | * | cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*
