Security Advisories for github.com/fleetdm/fleet/v4 in go
Moderate
18 days ago
Fleet: IP spoofing allows bypassing API rate limiting
go
github.com/fleetdm/fleet/v4
Moderate
18 days ago
Fleet vulnerable to OS command injection in software packages
go
github.com/fleetdm/fleet/v4
High
18 days ago
Fleet server may terminate unexpectedly when handling certain gRPC requests
go
github.com/fleetdm/fleet/v4
High
18 days ago
Fleet Windows MDM Azure AD JWT Authentication Bypass
go
github.com/fleetdm/fleet/v4
Moderate
18 days ago
Fleet has a rate limiting bypass via untrusted client IP headers
go
github.com/fleetdm/fleet/v4
High
18 days ago
Fleet has a Windows MDM management endpoint authentication bypass
go
github.com/fleetdm/fleet/v4
High
about 2 months ago
Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
Fleet's user account creation via invite does not enforce invited email address
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
A Fleet team maintainer can transfer hosts from any team via missing source team authorization
go
github.com/fleetdm/fleet/v4
High
2 months ago
Fleet's unbounded request body read allows remote Denial of Service
go
github.com/fleetdm/fleet/v4
Moderate
2 months ago
Fleet: Password reset tokens remain valid after password change for 24 hours
go
github.com/fleetdm/fleet/v4
High
3 months ago
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
go
github.com/fleetdm/fleet/v4
Moderate
3 months ago
Fleet: Authorization Bypass in certificate template batch deletion for team administrators
go
github.com/fleetdm/fleet/v4
Moderate
3 months ago
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
go
github.com/fleetdm/fleet/v4
Moderate
3 months ago
Fleet: Device lock PIN can be predicted if lock time is known
go
github.com/fleetdm/fleet/v4
Moderate
3 months ago
Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter
go
github.com/fleetdm/fleet/v4
High
4 months ago
Fleet has an Access Control vulnerability in debug/pprof endpoints
go
github.com/fleetdm/fleet/v4, github.com/fleetdm/fleet
Moderate
4 months ago
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
go
github.com/fleetdm/fleet/v4, github.com/fleetdm/fleet
Critical
about 1 year ago
Fleet has SAML authentication vulnerability due to improper SAML response validation
go
github.com/fleetdm/fleet/v4
High
over 4 years ago
SAML authentication vulnerability due to stdlib XML parsing
go
github.com/fleetdm/fleet/v4
Moderate
over 4 years ago
Limited ability to spoof SAML authentication with missing audience verification in Fleet
go
github.com/fleetdm/fleet/v4