Fog · Fog · CVE-2024-39916
**Name of the Vulnerable Software and Affected Versions**
FOG versions prior to 1.5.10.30
**Description**
The issue concerns the NFS configuration in `/etc/exports` generated by the FOG installer, which allows an attacker to modify files outside the export in the default installation. The `no_subtree_check` option in the exports means that the server only checks if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in `/images`, accessing other files on the same filesystem, and accessing files on other filesystems.
**Recommendations**
For versions prior to 1.5.10.30, update to version 1.5.10.30 to resolve the issue. As a temporary workaround, consider modifying the NFS configuration to remove the `no_subtree_check` option from the exports in `/etc/exports` to prevent unauthorized file access.
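
An added example, not part of the advisory or of FOG: a POSIX shell check that lists the exports in `/etc/exports` where subtree checking is not in effect. It reports entries that name `no_subtree_check` and also entries that name neither option, because nfs-utils from release 1.1.0 on defaults to `no_subtree_check`; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not FOG code). Reports NFS exports where subtree checking is off.
# Usage: audit_exports [file|-]      (default: /etc/exports, "-" reads stdin)
# Output per client:  <path> <client> explicit   no_subtree_check is written out
#                     <path> <client> default    neither option is given
audit_exports() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    /\\[ \t]*$/ {                             # trailing backslash: join with next line
        sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next
    }
    {
        $0 = buf $0; buf = ""; def = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) { def = substr($i, 2); continue }   # "-opts" line defaults
            client = $i; opts = ""
            if ($i ~ /\(/) {
                sub(/\(.*/, "", client)
                opts = $i; sub(/^[^(]*\(/, "", opts); sub(/\).*/, "", opts)
            }
            if (client == "") client = "(anonymous)"
            state = "default"      # assumption: the last subtree option listed wins
            n = split(def "," opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_subtree_check") state = "explicit"
                else if (o[j] == "subtree_check") state = "checked"
            }
            if (state != "checked") print $1, client, state
        }
    }' "${1:-/etc/exports}"
}

# Constructed sample input; every path except /images and all clients are made up.
sample_exports() {
    cat <<'EOF'
# constructed example
/images      *(ro,sync,no_subtree_check,insecure)
/images/dev  \
    192.0.2.0/24(rw,no_subtree_check)
/srv/checked 192.0.2.5(ro,subtree_check)
/srv/plain   192.0.2.6(ro,sync)
EOF
}
```

Run `audit_exports` on the server after editing `/etc/exports` and reloading the exports; an empty result means every listed client has `subtree_check` set explicitly.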