PT-2023-29920 · Apache · Apache

0X41C

Published: 2023-10-31 · Updated: 2023-11-08 · CVE-2023-46237

CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10
Description: The issue affects FOG, a free open-source cloning/imaging/rescue suite/inventory management system. An endpoint intended for authenticated users to have limited enumeration abilities was accessible to unauthenticated users. This allowed unauthenticated users to discover files and their paths visible to the Apache user group.
Recommendations: For versions prior to 1.5.10, update to version 1.5.10 to resolve the issue. As a temporary workaround, consider restricting access to the affected endpoint until the patch is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2023-46237
GHSA-FFP9-RHFM-98C2

Affected products

Apache