CVE-2023-46237: Path traversal via unauthenticated endpoint.

FOG is a free, open-source cloning, imaging, rescue and inventory-management suite. Before version 1.5.10, an endpoint meant to give authenticated users limited file-enumeration abilities was reachable without authentication, so anonymous users could discover files, and the paths to them, that are readable by the account Apache runs as. Version 1.5.10 contains a patch for this issue.

Type: CVE
Tags: #web #apache #php #auth

Severity: Moderate

0x41c published GHSA-ffp9-rhfm-98c2 on Oct 30, 2023

Package

packages/web/status/getfiles.php (PHP)

Affected versions

< 1.5.10

Description

Impact

The status script packages/web/status/getfiles.php, which was meant to give authenticated users limited file-enumeration abilities, was reachable without authentication. Unauthenticated users could use it to discover files, and the paths to them, that are readable by the account the Apache web server runs as. What the advisory describes is disclosure of file names and paths, rated as a low confidentiality impact (C:L in the CVSS vector below); it is reconnaissance material for follow-on attacks rather than a read of file contents.

Patches

Patched in commit 68d73740d7d40aee77cfda3fb8199d58bf04f48b and released in version 1.5.10. Any install reporting a version below 1.5.10 should be upgraded; until then, the endpoint should not be reachable from networks you do not trust.
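The two checks an operator wants after reading the Impact and Patches sections are "is my version in the affected range?" and "does the endpoint still answer anonymous requests?". The script below is an added example, not code from the advisory or from the FOG project. It assumes that FOG's web tree is served under /fog/ (FOG's default), so that packages/web/status/getfiles.php is reachable as /fog/status/getfiles.php, and that a correctly gated endpoint answers an anonymous request with a 3xx redirect, a 401/403, or a rendered login form, while an exposed one serves its normal output with 200; both assumptions, and the sample responses, are constructed for illustration and should be confirmed against a real install. The version comparison is done numerically on purpose: as strings, "1.5.9" sorts after "1.5.10", so a naive string comparison would clear a vulnerable host.

```python
"""Check a FOG server against GHSA-ffp9-rhfm-98c2 (CVE-2023-46237).

Added example, not FOG project code.  Assumptions (verify on a real
install): FOG's web tree lives under /fog/, so the file
packages/web/status/getfiles.php is reachable as /fog/status/getfiles.php;
a correctly gated endpoint answers an anonymous request with a redirect,
a 401/403, or a rendered login form, while the pre-1.5.10 endpoint
answers 200 with its normal output.
"""
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Optional

FIXED_VERSION = (1, 5, 10)             # first release carrying the patch
ENDPOINT = "/fog/status/getfiles.php"  # assumed URL of the affected script


def parse_version(text: str) -> tuple:
    """'1.5.9.110' -> (1, 5, 9, 110); numeric so that 1.5.9 < 1.5.10 holds."""
    nums = re.findall(r"\d+", text)
    if not nums:
        raise ValueError(f"not a version: {text!r}")
    return tuple(int(n) for n in nums)


def is_affected(version: str) -> bool:
    """True for every release before 1.5.10 (the advisory's '< 1.5.10')."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class Response:
    status: int
    location: Optional[str]   # Location header of a redirect, if any
    body: str


def classify(r: Response) -> str:
    """'gated' if the anonymous request was refused, 'exposed' if it was served."""
    if r.status in (401, 403):
        return "gated"
    if 300 <= r.status < 400:
        return "gated"            # bounced, typically to the login page
    if r.status == 200:
        # A login form delivered with HTTP 200 still means the gate held.
        if re.search(r'type\s*=\s*["\']password["\']', r.body, re.I):
            return "gated"
        return "exposed"
    return "unknown"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None               # surface 3xx as HTTPError instead of following it


def probe(base_url: str, timeout: float = 10.0) -> Response:
    """One unauthenticated GET (no cookies) to the endpoint; network access required."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(base_url.rstrip("/") + ENDPOINT,
                                 headers={"User-Agent": "fog-auth-gate-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Response(resp.status, resp.headers.get("Location"),
                            resp.read(4096).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, e.headers.get("Location"),
                        e.read(4096).decode("utf-8", "replace"))


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "redirect-to-login": Response(302, "/fog/management/index.php", ""),
    "login-form-200": Response(200, None, '<form><input type="password"></form>'),
    "served-listing": Response(200, None, "<html><body>images/ snapins/</body></html>"),
}

if __name__ == "__main__":
    for name, r in SAMPLES.items():
        print(f"sample {name:18s}: HTTP {r.status} -> {classify(r)}")
    for v in ("1.5.9", "1.5.9.110", "1.5.10"):
        print(f"version {v:10s}: {'affected' if is_affected(v) else 'patched'}")
    if len(sys.argv) > 1:            # optional live check: python check.py http://fog.example
        live = probe(sys.argv[1])
        print(f"{sys.argv[1]}{ENDPOINT}: HTTP {live.status} -> {classify(live)}")
```

The live probe deliberately sends no session cookie and does not follow redirects, so a 3xx is recorded as the gate holding rather than being turned into whatever the login page returns; only a 200 whose body is not a login form is reported as exposed.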

Severity

CVSS base metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Network-reachable, low attack complexity, no privileges or user interaction required, changed scope, low confidentiality impact, no integrity or availability impact. The vector works out to a base score of 5.8 (Medium, which GitHub labels Moderate).
