CVE-2024-39916 (GCVE-0-2024-39916)
Vulnerability from cvelistv5
Published
2024-07-12 15:00
Modified
2024-08-02 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-453 - Insecure Default Variable Initialization
Summary
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FOGProject | fogproject |
Version: < 1.5.10.30 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T20:00:36.478290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T20:00:43.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh"
},
{
"name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fogproject",
"vendor": "FOGProject",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.10.30"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-453",
"description": "CWE-453: Insecure Default Variable Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T15:00:10.035Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh"
},
{
"name": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88"
}
],
"source": {
"advisory": "GHSA-3xjr-xf9v-hwjh",
"discovery": "UNKNOWN"
},
"title": "NFS server misconfiguration allows file access outside the exported directory"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39916",
"datePublished": "2024-07-12T15:00:10.035Z",
"dateReserved": "2024-07-02T19:37:18.602Z",
"dateUpdated": "2024-08-02T04:33:11.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39916\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-12T15:15:11.813\",\"lastModified\":\"2024-11-21T09:28:33.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.\"},{\"lang\":\"es\",\"value\":\"FOG es un sistema gratuito de gesti\u00f3n de inventario, im\u00e1genes, clonaci\u00f3n y rescate de c\u00f3digo abierto. Existe un problema de seguridad con la configuraci\u00f3n de NFS en /etc/exports generada por el instalador que permite a un atacante modificar archivos fuera de la exportaci\u00f3n en la instalaci\u00f3n predeterminada. Las exportaciones tienen la opci\u00f3n no_subtree_check. La opci\u00f3n no_subtree_check significa que si un cliente realiza una operaci\u00f3n de archivo, el servidor solo verificar\u00e1 si el archivo solicitado est\u00e1 en el sistema de archivos correcto, no si est\u00e1 en el directorio correcto. Esto permite modificar archivos en /images, acceder a otros archivos en el mismo sistema de archivos y acceder a archivos en otros sistemas de archivos. Esta vulnerabilidad se solucion\u00f3 en 1.5.10.30.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-453\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.10\",\"matchCriteriaId\":\"D6C828F1-A3A9-4637-8F07-CD959CB2B7CD\"}]}]}],\"references\":[{\"url\":\"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\", \"name\": \"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\", \"name\": \"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:33:11.556Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39916\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-12T20:00:36.478290Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-12T20:00:40.448Z\"}}], \"cna\": {\"title\": \"NFS server misconfiguration allows file access outside the exported directory\", \"source\": {\"advisory\": \"GHSA-3xjr-xf9v-hwjh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"FOGProject\", \"product\": \"fogproject\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.5.10.30\"}]}], \"references\": [{\"url\": \"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\", \"name\": \"https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\", \"name\": \"https://github.com/FOGProject/fogproject/commit/2de209bc57a177a052b4a877f000c591740b2f88\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-453\", \"description\": \"CWE-453: Insecure Default Variable Initialization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-12T15:00:10.035Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39916\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:33:11.556Z\", \"dateReserved\": \"2024-07-02T19:37:18.602Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-12T15:00:10.035Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…