CVE-2024-41954
MEDIUMfogproject 1.5.10-1.5.10.41 - Unauthenticated Sensitive Information Exposure via .fogsettings File
Title source: llmDescription
FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/FOGProject/fogproject/security/advisories/GHSA-pcqm-h8cx-282c
Scores
CVSS v3
5.3
EPSS
0.0031
EPSS Percentile
22.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-732
Status
published
Products (1)
fogproject/fogproject
1.5.10 - 1.5.10.41
Published
Jul 31, 2024
Tracked Since
Feb 18, 2026