PT-2024-29662 · Fog · Fog

0X41C · Published 2024-07-31 · Updated 2024-09-05 · CVE-2024-41954

CVSS v3.1: 5.3 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions

FOG versions prior to 1.5.10.41

Description

The application stores plaintext service account credentials in the "/opt/fog/.fogsettings" file, which is readable by all users on the host. This allows a malicious user to exploit these credentials, potentially creating new accounts for the web application and performing other malicious actions.

Recommendations

For versions prior to 1.5.10.41, update to version 1.5.10.41 to resolve the issue. As a temporary workaround, consider restricting access to the "/opt/fog/.fogsettings" file to minimize the risk of exploitation.
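One way to apply the temporary workaround, shown as an added example that is not part of the advisory or of the FOG project: a script that checks whether the settings file grants any group or other access and, if so, reduces it to owner-only. The function names and the choice of mode 600 are assumptions; confirm that FOG's services on the host do not depend on non-owner read access before applying it.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on FOG's settings file.
# Assumption: only the file owner needs access, so mode 600 is used.

# Print the group+other permission characters (e.g. "r--r--") for a path.
# Parsing `ls -ld` keeps this portable across GNU and BSD userlands.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Return 0 if anyone besides the owner has any access to the file,
# 1 if it is owner-only, 2 if the path does not exist.
is_exposed() {
    [ -e "$1" ] || return 2
    [ "$(group_other_bits "$1")" != "------" ]
}

# Remove all group/other access; the owner keeps read/write only.
restrict_settings() {
    chmod 600 -- "$1"
}

# Audit, fix if needed, re-check, and report the outcome.
# Prints one of: missing, ok, fixed, failed.
audit_and_fix() {
    f="$1"
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    if is_exposed "$f"; then
        restrict_settings "$f" || { echo failed; return 1; }
        if is_exposed "$f"; then
            echo failed
            return 1
        fi
        echo fixed
    else
        echo ok
    fi
}

# Only act when a path is given, e.g.: sh fix.sh /opt/fog/.fogsettings
if [ "$#" -gt 0 ]; then
    audit_and_fix "$1"
fi
```

Tightening the mode does not invalidate credentials that were already readable, so rotating the stored service account passwords after the change is worth considering.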

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2024-41954
GHSA-PCQM-H8CX-282C

Affected Products

Fog