How severe is CVE-2024-41108?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2024-41108?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-41108 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that host. Otherwise, an error message containing "Invalid tasking!" will be returned. The domainpassword in the hostinfo dump is hidden even to authenticated users, as it is displayed as a row of asterisks when navigating to the host's Active Directory settings. This vulnerability is fixed in 1.5.10.41.

Related Vulnerabilities

CVE-2007-2479

MEDIUM

CVSS:5.9(Medium)

Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed ...

CWE-2002007

CVE-2011-4076

MEDIUM

CVSS:5.9(Medium)

OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or...

CWE-2002011

CVE-2013-3587

MEDIUM

CVSS:5.9(Medium)

The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle at...

CWE-2002013

CVE-2013-6681

MEDIUM

CVSS:5.9(Medium)

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability

CWE-2002013

CVE-2014-2359

MEDIUM

CVSS:5.9(Medium)

OleumTech Wireless Sensor Network devices allow remote attackers to obtain sensitive information about sensor nodes or spoof devices by reading cleartext protocol data.

CWE-2002014

CVE-2014-4024

MEDIUM

CVSS:5.9(Medium)

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used ...

CWE-2002014