FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.
References
Link | Resource |
---|---|
https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw | Exploit Vendor Advisory |
Configurations
History
10 Sep 2024, 16:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:* | |
First Time |
Fogproject fogproject
Fogproject |
|
References | () https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
05 Aug 2024, 12:41
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Aug 2024, 20:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-02 20:17
Updated : 2024-09-10 16:49
NVD link : CVE-2024-42348
Mitre link : CVE-2024-42348
CVE.ORG link : CVE-2024-42348
JSON object : View
Products Affected
fogproject
- fogproject
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')