Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.

INFO

Published Date :

2024-07-12T15:00:10.035Z

Last Modified :

2024-08-02T04:33:11.556Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39916 vulnerability.

Vendors Products
Fogproject
  • Fogproject
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39916.

URL Resource
https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88 cve-icon cve-icon cve-icon
https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact