Vulnerabilities > CVE-2017-11148 - Server-Side Request Forgery (SSRF) vulnerability in Synology Chat

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

synology

CWE-918

NVD

Published: 2017-08-11

Updated: 2019-10-09

Summary

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Synology Synology Chat 1.0.0-0126 Synology Chat 1.0.0-0127 Synology Chat 1.0.2-0158 Synology Chat 1.0.2-0159	4

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.synology.com/en-global/support/security/Synology_SA_17_38_Chat
http://www.securityfocus.com/bid/100310