Lucene search

[email protected]CVE-2023-46237

HistoryOct 31, 2023 - 3:15 p.m.

CVE-2023-46237

2023-10-3115:15:09

CWE-22

[email protected]

web.nvd.nist.gov

fog

cve-2023-46237

security

vulnerability

patch

apache

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

Affected configurations

Vulners

NVD

Node

fogprojectfogprojectRange<1.5.10

VendorProductVersionCPE
fogprojectfogproject*cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fogproject	fogproject	*	cpe:2.3:a:fogproject:fogproject::::::::

CNA Affected

[
  {
    "vendor": "FOGProject",
    "product": "fogproject",
    "versions": [
      {
        "version": "< 1.5.10",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b

github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

Related for CVE-2023-46237

cvelist1 osv1 nvd1 prion1