CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
0.4%
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Vendor | Product | Version | CPE |
---|---|---|---|
synology | cloud_station | 1.1-2291 | cpe:2.3:a:synology:cloud_station:1.1-2291:*:*:*:*:*:*:* |
synology | cloud_station | 2.0-2291 | cpe:2.3:a:synology:cloud_station:2.0-2291:*:*:*:*:*:*:* |
synology | cloud_station | 2.0-2402 | cpe:2.3:a:synology:cloud_station:2.0-2402:*:*:*:*:*:*:* |
synology | cloud_station | 2.1-2561 | cpe:2.3:a:synology:cloud_station:2.1-2561:*:*:*:*:*:*:* |
synology | cloud_station | 2.1-2570 | cpe:2.3:a:synology:cloud_station:2.1-2570:*:*:*:*:*:*:* |
synology | cloud_station | 2.1-2577 | cpe:2.3:a:synology:cloud_station:2.1-2577:*:*:*:*:*:*:* |
synology | cloud_station | 3.0-3005 | cpe:2.3:a:synology:cloud_station:3.0-3005:*:*:*:*:*:*:* |
synology | cloud_station | 3.0-3103 | cpe:2.3:a:synology:cloud_station:3.0-3103:*:*:*:*:*:*:* |
synology | cloud_station | 3.0-3108 | cpe:2.3:a:synology:cloud_station:3.0-3108:*:*:*:*:*:*:* |
synology | cloud_station | 3.0-3109 | cpe:2.3:a:synology:cloud_station:3.0-3109:*:*:*:*:*:*:* |