Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NFS server misconfiguration allows file access outside the exported directory
Vulnerability Description
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
不安全的缺省变量初始化
Vulnerability Title
FOGProject 安全漏洞
Vulnerability Description
FOGProject是FOGProject开源的一个免费的开源网络计算机克隆和管理解决方案。可用于部署和管理任何桌面操作系统。 FOGProject 1.5.10.30之前版本存在安全漏洞,该漏洞源于安装程序生成的/etc/exports中的NFS配置存在安全问题,允许攻击者在默认安装中修改导出之外的文件。
CVSS Information
N/A
Vulnerability Type
N/A