Lucene search

GitHub_MCVE-2024-39914

HistoryJul 12, 2024 - 3:15 p.m.

CVE-2024-39914

2024-07-1215:15:11

CWE-77

GitHub_M

web.nvd.nist.gov

fog

cloning

inventory

command injection

vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.

Affected configurations

Vulners

Vulnrichment

Node

fogprojectfogprojectRange<1.5.10.34

VendorProductVersionCPE
fogprojectfogproject*cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fogproject	fogproject	*	cpe:2.3:a:fogproject:fogproject::::::::

CNA Affected

[
  {
    "vendor": "FOGProject",
    "product": "fogproject",
    "versions": [
      {
        "version": "< 1.5.10.34",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FOGProject/fogproject/commit/2413bc034753c32799785e9bf08164ccd0a2759f

github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

22.0%

JSON

Related for CVE-2024-39914