CVE-2023-46237

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-46237
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46237.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-46237
Related
  • GHSA-ffp9-rhfm-98c2
Published
2023-10-31T15:15:09Z
Modified
2025-01-15T05:00:32.217788Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

Affected packages

Git / github.com/fogproject/fogproject

Affected ranges

Type
GIT
Repo
https://github.com/fogproject/fogproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.9-RC1
1.5.9-RC2