THREATINT
PUBLISHED

CVE-2023-46237

FOG path traversal via unauthenticated endpoint



Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

Reserved 2023-10-19 | Published 2023-10-31 | Updated 2024-09-05 | Assigner GitHub_M


MEDIUM: 5.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

< 1.5.10: affected

References

github.com/...roject/security/advisories/GHSA-ffp9-rhfm-98c2

github.com/...ommit/68d73740d7d40aee77cfda3fb8199d58bf04f48b

cve.org (CVE-2023-46237)

nvd.nist.gov (CVE-2023-46237)
