CVE-2023-46237

MEDIUM

fogproject < 1.5.10 - Unauthenticated Path Traversal

Title source: llm

Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2

Patch x_refsource_misc

https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b

View Patch ZIP pw:eip

Scores

CVSS v3 5.8

EPSS 0.0047

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

fogproject/fogproject < 1.5.10

Published Oct 31, 2023

Tracked Since Feb 18, 2026