Lucene search

[email protected]NVD:CVE-2023-46237

HistoryOct 31, 2023 - 3:15 p.m.

CVE-2023-46237

2023-10-3115:15:09

CWE-22

[email protected]

web.nvd.nist.gov

fog

imaging

vulnerability

apache

patch

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

19.2%

JSON

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

Affected configurations

NVD

Node

fogprojectfogprojectRange<1.5.10

References

github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b

github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

19.2%

JSON

Related for NVD:CVE-2023-46237

cvelist1 cve1 osv1 prion1