CVE-2022-23600
- EPSS 0.27%
- Published 04.02.2022 23:15:15
- Last modified 21.11.2024 06:48:54
fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicio...
- EPSS 0.68%
- Published 10.02.2021 20:15:15
- Last modified 21.11.2024 05:47:57
Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live...
CVE-2020-26276
- EPSS 0.98%
- Published 17.12.2020 20:15:13
- Last modified 21.11.2024 05:19:44
Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified log...