FOG is a cloning/imaging/rescue suite/inventory management system. The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file. This file is by default readable by all users on the host. By exploiting these credentials, a malicious user could create new accounts for the web application and much more. The vulnerability is fixed in 1.5.10.41.
References
Link | Resource |
---|---|
https://github.com/FOGProject/fogproject/commit/97ed6d51608e52fc087ca1d2f03d6b8df612fc90 | Patch |
https://github.com/FOGProject/fogproject/security/advisories/GHSA-pcqm-h8cx-282c | Exploit Vendor Advisory |
Configurations
History
05 Sep 2024, 16:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:* | |
References | () https://github.com/FOGProject/fogproject/commit/97ed6d51608e52fc087ca1d2f03d6b8df612fc90 - Patch | |
References | () https://github.com/FOGProject/fogproject/security/advisories/GHSA-pcqm-h8cx-282c - Exploit, Vendor Advisory | |
First Time |
Fogproject fogproject
Fogproject |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
01 Aug 2024, 12:42
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 Jul 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-31 20:15
Updated : 2024-09-05 16:18
NVD link : CVE-2024-41954
Mitre link : CVE-2024-41954
CVE.ORG link : CVE-2024-41954
JSON object : View
Products Affected
fogproject
- fogproject
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource