CVE-2023-47222

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-15
https://www.qnap.com/en/security-advisory/qsa-24-15

Configurations

No configuration.

History

21 Nov 2024, 08:29

Type	Values Removed	Values Added
Summary		(es) Se ha informado que una vulnerabilidad de exposición de información confidencial afecta al complemento Media Streaming. Si se explota, la vulnerabilidad podría permitir a los usuarios comprometer la seguridad del sistema a través de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versión: complemento Media Streaming 500.1.1.5 (2024/01/22) y posteriores
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-15 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-15 -

26 Apr 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-26 15:15

Updated : 2024-11-21 08:29

NVD link : CVE-2023-47222

Mitre link : CVE-2023-47222

CVE.ORG link : CVE-2023-47222

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-287

Improper Authentication

9.6 /10