Synology-SA-18:37 Photo Station
Publish Time: 2018-07-23 10:32:14 UTC+8
Last Updated: 2018-10-31 22:46:47 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
A vulnerability allows remote attackers to hijack web sessions via a susceptible version of Synology Photo Station.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| Photo Station 6.8 | Moderate | Upgrade to 6.8.7-3481 or above. |
| Photo Station 6.3 | Moderate | Upgrade to 6.3-2976 or above. |
Mitigation
None
Detail
- CVE-2018-13282
- Severity: Moderate
- CVSS3 Base Score: 5.6
- CVSS3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
- Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2018-07-23 | Initial public release. |
| 2 | 2018-10-31 | Disclosed vulnerability details. |