Missing encryption of sensitive data vulnerability in... · CVE-2023-52948 · GitHub Advisory Database · GitHub

Missing encryption of sensitive data vulnerability in...

Moderate severity Unreviewed Published Sep 26, 2024 to the GitHub Advisory Database • Updated Sep 26, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors.

References

Published by the National Vulnerability Database

Sep 26, 2024

Published to the GitHub Advisory Database Sep 26, 2024

Last updated Sep 26, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N