{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T02:33:21.019","vulnerabilities":[{"cve":{"id":"CVE-2023-46237","sourceIdentifier":"security-advisories@github.com","published":"2023-10-31T15:15:09.707","lastModified":"2026-06-17T06:30:29.407","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue."},{"lang":"es","value":"FOG es un sistema gratuito de gestión de inventario, imágenes, clonación y rescate de código abierto. Antes de la versión 1.5.10, los usuarios no autenticados podían acceder a un endpoint destinado a ofrecer capacidades de enumeración limitadas a usuarios autenticados. Esto permitió a los usuarios no autenticados descubrir archivos y sus respectivas rutas que eran visibles para el grupo de usuarios de Apache. La versión 1.5.10 contiene un parche para este problema."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOGProject","product":"fogproject","versions":[{"version":"< 1.5.10","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-05T17:39:04.385914Z","id":"CVE-2023-46237","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fogproject:fogproject:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.10","matchCriteriaId":"F0A79C05-662C-4102-B8D5-7FCA7C19A1C2"}]}]}],"references":[{"url":"https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}