CVE-2023-46236 - OpenCVE

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fogproject	Fogproject

Configuration 1 [-]

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763
https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-31T14:32:32.703Z

Updated: 2024-09-05T17:46:22.358Z

Reserved: 2023-10-19T20:34:00.946Z

Link: CVE-2023-46236

Vulnrichment

Updated: 2024-08-02T20:37:40.228Z

NVD

Status : Analyzed

Published: 2023-10-31T15:15:09.630

Modified: 2023-11-08T17:47:50.123

Link: CVE-2023-46236

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46236", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-19T20:34:00.946Z", "datePublished": "2023-10-31T14:32:32.703Z", "dateUpdated": "2024-09-05T17:46:22.358Z"}, "containers": {"cna": {"title": "FOG SSRF via unauthenticated endpoint(s)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}, {"name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"version": "< 1.5.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-31T14:32:32.703Z"}, "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}], "source": {"advisory": "GHSA-8qg4-9363-873h", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.228Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}, {"name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T17:45:57.604643Z", "id": "CVE-2023-46236", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T17:46:22.358Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:37:40.228Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-46236", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-05T17:45:57.604643Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T17:46:15.821Z"}}], "cna": {"title": "FOG SSRF via unauthenticated endpoint(s)", "source": {"advisory": "GHSA-8qg4-9363-873h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"status": "affected", "version": "< 1.5.10"}]}], "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "name": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-31T14:32:32.703Z"}}}, "cveMetadata": {"cveId": "CVE-2023-46236", "state": "PUBLISHED", "dateUpdated": "2024-09-05T17:46:22.358Z", "dateReserved": "2023-10-19T20:34:00.946Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-31T14:32:32.703Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0A79C05-662C-4102-B8D5-7FCA7C19A1C2", "versionEndExcluding": "1.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch."}, {"lang": "es", "value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Antes de la versi\u00f3n 1.5.10, una vulnerabilidad de server-side-request-forgery (SSRF) permit\u00eda a un usuario no autenticado activar una solicitud GET como servidor para un endpoint y un esquema de URL arbitrarios. Esto tambi\u00e9n permite el acceso remoto a archivos visibles para el grupo de usuarios de Apache. Otros impactos var\u00edan seg\u00fan la configuraci\u00f3n del servidor. La versi\u00f3n 1.5.10 contiene un parche."}], "id": "CVE-2023-46236", "lastModified": "2023-11-08T17:47:50.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-31T15:15:09.630", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}