CVE-2023-46236 - Vulnerability Details - OpenCVE

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00272.

Key SSVC decision points have not yet been added.

Vendors	Products
Fogproject	Fogproject

Configuration 1 [-]

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-50473	FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763
https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-31T14:32:32.703Z

Updated: 2024-09-05T17:46:22.358Z

Reserved: 2023-10-19T20:34:00.946Z

Link: CVE-2023-46236

Vulnrichment

Updated: 2024-08-02T20:37:40.228Z

NVD

Status : Modified

Published: 2023-10-31T15:15:09.630

Modified: 2024-11-21T08:28:08.280

Link: CVE-2023-46236

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46236", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-19T20:34:00.946Z", "datePublished": "2023-10-31T14:32:32.703Z", "dateUpdated": "2024-09-05T17:46:22.358Z"}, "containers": {"cna": {"title": "FOG SSRF via unauthenticated endpoint(s)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}, {"name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"version": "< 1.5.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-31T14:32:32.703Z"}, "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}], "source": {"advisory": "GHSA-8qg4-9363-873h", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.228Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}, {"name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T17:45:57.604643Z", "id": "CVE-2023-46236", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T17:46:22.358Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.228Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T17:45:57.604643Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T17:46:15.821Z"}}], "cna": {"title": "FOG SSRF via unauthenticated endpoint(s)", "source": {"advisory": "GHSA-8qg4-9363-873h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"status": "affected", "version": "< 1.5.10"}]}], "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-31T14:32:32.703Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46236", "state": "PUBLISHED", "dateUpdated": "2024-09-05T17:46:22.358Z", "dateReserved": "2023-10-19T20:34:00.946Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-31T14:32:32.703Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A79C05-662C-4102-B8D5-7FCA7C19A1C2", "versionEndExcluding": "1.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}, {"lang": "es", "value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Antes de la versi\u00f3n 1.5.10, una vulnerabilidad de server-side-request-forgery (SSRF) permit\u00eda a un usuario no autenticado activar una solicitud GET como servidor para un endpoint y un esquema de URL arbitrarios. Esto tambi\u00e9n permite el acceso remoto a archivos visibles para el grupo de usuarios de Apache. Otros impactos var\u00edan seg\u00fan la configuraci\u00f3n del servidor. La versi\u00f3n 1.5.10 contiene un parche."}], "id": "CVE-2023-46236", "lastModified": "2024-11-21T08:28:08.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-31T15:15:09.630", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}