Code injection

2015-05-3019:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

0.4%

JSON

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

CPENameOperatorVersion
cloud_stationeq1.1.2291
cloud_stationeq2.0.2291
cloud_stationeq2.0.2402
cloud_stationeq2.1.2561
cloud_stationeq2.1.2570
cloud_stationeq2.1.2577
cloud_stationeq3.0.3005
cloud_stationeq3.0.3103
cloud_stationeq3.0.3108
cloud_stationeq3.0.3109

Name	Operator	Version
cloud_station	eq	1.1.2291
cloud_station	eq	2.0.2291
cloud_station	eq	2.0.2402
cloud_station	eq	2.1.2561
cloud_station	eq	2.1.2570
cloud_station	eq	2.1.2577
cloud_station	eq	3.0.3005
cloud_station	eq	3.0.3103
cloud_station	eq	3.0.3108
cloud_station	eq	3.0.3109