Lucene search
GoogleOSV:CVE-2023-46237HistoryOct 31, 2023 - 3:15 p.m.
CVE-2023-46237
2023-10-3115:15:09
Google
osv.dev
3
fog
open-source
cloning
imaging
security
vulnerability
endpoint
enumeration
authentication
apache
patch
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fogproject | eq | 1.4.4 | |
| fogproject | eq | 1.5.1 | |
| fogproject | eq | 1.3.5 | |
| fogproject | eq | 1.4.0 | |
| fogproject | eq | 1.5.7 | |
| fogproject | eq | 1.5.9 | |
| fogproject | eq | 1.5.3 | |
| fogproject | eq | 1.3.0 | |
| fogproject | eq | 1.5.2 | |
| fogproject | eq | 1.5.5 |
Related
cve
cve
CVE-2023-46237
2023-10-31 15:15:09
cvelist
cvelist
CVE-2023-46237 FOG path traversal via unauthenticated endpoint
2023-10-31 14:59:37
prion
prion
Design/Logic Flaw
2023-10-31 15:15:00