CVE-2024-11399 PUBLISHED

Assigner: synology
Reserved: 19.11.2024 Published: 27.05.2026 Updated: 27.05.2026

Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVSS Score: 6.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Synology
Product	BeeDrive for desktop
Versions	Default: affected affected from * to 1.3.2-13814 (excl.)

Credits

Bocheng Xiang with FDU(@crispr) finder

References

Synology-SA-24:26 BeeDrive for desktop

Problem Types

Files or Directories Accessible to External Parties CWE