CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42349 – FOG has a Log Information Disclosure
https://notcve.org/view.php?id=CVE-2024-42349
02 Aug 2024 — FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42348 – FOG leaks sensitive information (AD domain, username and password)
https://notcve.org/view.php?id=CVE-2024-42348
02 Aug 2024 — FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41954 – FOG Weak file permissions
https://notcve.org/view.php?id=CVE-2024-41954
31 Jul 2024 — FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41. • https://github.com/FOGProject/fogproject/commit/97ed6d51608e52fc087ca1d2f03d6b8df612fc90 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41108 – FOG Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2024-41108
31 Jul 2024 — FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/service/hostinfo.php • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-40645 – FOG Authenticated File Upload RCE
https://notcve.org/view.php?id=CVE-2024-40645
31 Jul 2024 — FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will ... • https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/packages/web/lib/pages/fogconfigurationpage.class.php#L2860-L2896 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39916 – NFS server misconfiguration allows file access outside the exported directory
https://notcve.org/view.php?id=CVE-2024-39916
12 Jul 2024 — FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. Th... • https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh • CWE-453: Insecure Default Variable Initialization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-39914 – FOG has a command injection in /fog/management/export.php?filename=
https://notcve.org/view.php?id=CVE-2024-39914
12 Jul 2024 — FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34. • https://github.com/9874621368/FOG-Project • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46237 – FOG path traversal via unauthenticated endpoint
https://notcve.org/view.php?id=CVE-2023-46237
31 Oct 2023 — FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue. FOG es un sistema gratuito de gestión de inventario, imágenes, clonación y rescate de código abierto. • https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46236 – FOG SSRF via unauthenticated endpoint(s)
https://notcve.org/view.php?id=CVE-2023-46236
31 Oct 2023 — FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch. • https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46235 – FOG stored XSS on log screen via unsanitized request logging
https://notcve.org/view.php?id=CVE-2023-46235
31 Oct 2023 — FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard. • https://github.com/FOGProject/fogproject/commit/2e2421f19620669b9930f72fb73a8dbc5efe4980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •