CVE-2024-11399
Files Accessible to External Parties in Synology BeeDrive
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Synology Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synology | beedrive | 1.3.2-13814 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability CVE-2024-11399 in Synology BeeDrive for desktop can be mitigated by upgrading the software to version 1.3.2-13814 or later.
No additional mitigation steps are required beyond applying this update.
Can you explain this vulnerability to me?
This vulnerability exists in the redis-server component of Synology BeeDrive for desktop versions before 1.3.2-13814. It allows local users to access files or directories that should not be accessible to external parties. Through unspecified methods, these local users can perform denial-of-service (DoS) attacks.
How can this vulnerability impact me? :
The vulnerability can lead to denial-of-service attacks by local users, which may disrupt the availability of the affected system or service. Although it does not impact confidentiality, it can impair system integrity and availability.