CVE-2024-42348

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

History

10 Sep 2024, 16:49

Type Values Removed Values Added
CPE cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*
First Time Fogproject fogproject
Fogproject
References () https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw - () https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw - Exploit, Vendor Advisory
CVSS v2 : unknown
v3 : 9.3
v2 : unknown
v3 : 8.6

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) FOG es un sistema de gestión de inventario, clonación, imágenes, suite de rescate. FOG Server 1.5.10.41.2 puede filtrar el nombre de usuario y la contraseña de AD al registrar una computadora. Esta vulnerabilidad se solucionó en 1.5.10.41.3 y 1.6.0-beta.1395.

02 Aug 2024, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 20:17

Updated : 2024-09-10 16:49


NVD link : CVE-2024-42348

Mitre link : CVE-2024-42348

CVE.ORG link : CVE-2024-42348


JSON object : View

Products Affected

fogproject

  • fogproject
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')