CVE-2022-22686

Name of the Vulnerable Software and Affected Versions Synology Calendar versions prior to 2.3.4-0631

Description A Cross-Site Request Forgery (CSRF) issue in the webapi component allows remote authenticated users to hijack the authentication of administrators via unspecified vectors. This could potentially lead to unauthorized actions being taken on behalf of the administrators.

Recommendations For versions prior to 2.3.4-0631, update to version 2.3.4-0631 or later to resolve the issue. As a temporary workaround, consider implementing additional authentication checks or restrictions on the webapi component to minimize the risk of exploitation.