CVE-2024-42349

FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

History

10 Sep 2024, 16:44

Type Values Removed Values Added
First Time Fogproject fogproject
Fogproject
References () https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h - () https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h - Exploit, Patch, Vendor Advisory
CPE cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

05 Aug 2024, 12:41

Type Values Removed Values Added
Summary
  • (es) FOG es un sistema de gestión de inventario, clonación, imágenes, suite de rescate. FOG Server 1.5.10.41.4 y versiones anteriores pueden filtrar inicios de sesión autorizados y rechazados a través de registros almacenados directamente en la raíz del servidor web. FOG Server crea 2 registros en la raíz del servidor web (fog_login_accepted.log y fog_login_failed.log), exponiendo el nombre de la cuenta de usuario utilizada para administrar FOG, la dirección IP de la computadora utilizada para iniciar sesión y el User-Agent. Esta vulnerabilidad se solucionó en 1.5.10.47.

02 Aug 2024, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-02 20:17

Updated : 2024-09-10 16:44


NVD link : CVE-2024-42349

Mitre link : CVE-2024-42349

CVE.ORG link : CVE-2024-42349


JSON object : View

Products Affected

fogproject

  • fogproject
CWE
CWE-532

Insertion of Sensitive Information into Log File