CVE-2024-39916 - OpenCVE

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fogproject	Fogproject

Configuration 1 [-]

cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88
https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh

History

Thu, 05 Sep 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fogproject Fogproject fogproject
Weaknesses		CWE-1188
CPEs		cpe:2.3:a:fogproject:fogproject::::::::
Vendors & Products		Fogproject Fogproject fogproject

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-12T15:00:10.035Z

Updated: 2024-08-02T04:33:11.556Z

Reserved: 2024-07-02T19:37:18.602Z

Link: CVE-2024-39916

Vulnrichment

Updated: 2024-08-02T04:33:11.556Z

NVD

Status : Analyzed

Published: 2024-07-12T15:15:11.813

Modified: 2024-09-05T15:34:36.877

Link: CVE-2024-39916

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39916", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-07-02T19:37:18.602Z", "datePublished": "2024-07-12T15:00:10.035Z", "dateUpdated": "2024-08-02T04:33:11.556Z"}, "containers": {"cna": {"title": "NFS server misconfiguration allows file access outside the exported directory", "problemTypes": [{"descriptions": [{"cweId": "CWE-453", "lang": "en", "description": "CWE-453: Insecure Default Variable Initialization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh"}, {"name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "tags": ["x_refsource_MISC"], "url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88"}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"version": "< 1.5.10.30", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-12T15:00:10.035Z"}, "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30."}], "source": {"advisory": "GHSA-3xjr-xf9v-hwjh", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T20:00:36.478290Z", "id": "CVE-2024-39916", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T20:00:43.304Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.556Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh"}, {"name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:33:11.556Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-12T20:00:36.478290Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T20:00:40.448Z"}}], "cna": {"title": "NFS server misconfiguration allows file access outside the exported directory", "source": {"advisory": "GHSA-3xjr-xf9v-hwjh", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "FOGProject", "product": "fogproject", "versions": [{"status": "affected", "version": "< 1.5.10.30"}]}], "references": [{"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-453", "description": "CWE-453: Insecure Default Variable Initialization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-12T15:00:10.035Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39916", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:33:11.556Z", "dateReserved": "2024-07-02T19:37:18.602Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-12T15:00:10.035Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6C828F1-A3A9-4637-8F07-CD959CB2B7CD", "versionEndIncluding": "1.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30."}, {"lang": "es", "value": "FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Existe un problema de seguridad con la configuraci\u00f3n de NFS en /etc/exports generada por el instalador que permite a un atacante modificar archivos fuera de la exportaci\u00f3n en la instalaci\u00f3n predeterminada. Las exportaciones tienen la opci\u00f3n no_subtree_check. La opci\u00f3n no_subtree_check significa que si un cliente realiza una operaci\u00f3n de archivo, el servidor solo verificar\u00e1 si el archivo solicitado est\u00e1 en el sistema de archivos correcto, no si est\u00e1 en el directorio correcto. Esto permite modificar archivos en /images, acceder a otros archivos en el mismo sistema de archivos y acceder a archivos en otros sistemas de archivos. Esta vulnerabilidad se solucion\u00f3 en 1.5.10.30."}], "id": "CVE-2024-39916", "lastModified": "2024-09-05T15:34:36.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-12T15:15:11.813", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1188"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-453"}], "source": "security-advisories@github.com", "type": "Secondary"}]}