Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 5, 2024

FOG SSRF via unauthenticated endpoint(s)

CVE-2023-46236

Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

Affected products

Fogproject/Fogprojectv5
Range: < 1.5.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763mitrex_refsource_MISC
github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873hmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000