CVE-2023-39301

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later
Configurations

Configuration 1 (hide)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-03 17:15

Updated : 2024-11-21 08:15


NVD link : CVE-2023-39301

Mitre link : CVE-2023-39301

CVE.ORG link : CVE-2023-39301


JSON object : View

Products Affected

qnap

  • qutscloud
  • quts_hero
  • qts
CWE
CWE-918

Server-Side Request Forgery (SSRF)