CVE-2023-46236

Summary

CVE-2023-46236 is a serious vulnerability affecting the FOG open-source cloning and imaging suite before version 1.5.10. An unauthenticated attacker can exploit this Server-Side Request Forgery (SSRF) flaw to trigger a GET request on behalf of the server to an arbitrary endpoint and URL scheme. This vulnerability potentially grants the attacker access to files visible to the Apache user group, with the exact impact dependent on the server configuration. It is crucial for FOG users to upgrade to version 1.5.10, which contains a patch to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.