CVE-2023-46237 - Unspecified vulnerability in Fogproject
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Summary
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
Vulnerable Configurations
References
- https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b
- https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2