CVE-2024-42349
CVSS V2 None
CVSS V3 None
Description
FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47.
Overview
- CVE ID
- CVE-2024-42349
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-02T20:01:29.055Z
- Last Modified Date
- 2024-08-02T20:01:29.055Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-42349 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42349 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-03 13:06:46 | Added to TrackCVE |