Fogproject
CVE-2023-46237
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
AnalysisAI
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue. Affected products include: Fogproject. Version information: version 1.5.10.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
More in Fogproject
View allFOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated critical severity (CVSS 9.9),
FOG is a cloning/imaging/rescue suite/inventory management system. Rated critical severity (CVSS 9.8), this vulnerabilit
FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.8), this vulnerability is
FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). Rated high severity (CVSS 8.8), this vulnerability i
FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 8.6), this vulnerability is
FOG is a cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.8), this vulnerability is
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafte
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.9), th
FOG is a cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 5.3), this vulnerability
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.5), this
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 6.4), th
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 6.1), th
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today