Unrated severityNVD Advisory· Published Oct 31, 2023· Updated Sep 5, 2024
FOG path traversal via unauthenticated endpoint
CVE-2023-46237
Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.5.10
- Range: < 1.5.10
Patches
Vulnerability mechanics
References
2- github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48bmitrex_refsource_MISC
- github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.