Fleet Server Security Vulnerabilities


CVE-2023-31421

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to.....

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-10-26 04:15 AM
29

CVE-2023-46667

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secret...

8.1 CVSS

7.9 AI Score

0.001 EPSS

2023-10-26 01:15 AM
20

CVE-2021-21296

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only while a live query is currently ongoing. We believe the...

2.7 CVSS

4 AI Score

0.001 EPSS

2021-02-10 08:15 PM
26
2

CVE-2018-19798

Fleetco Fleet Maintenance Management (FMM) 1.2 and earlier allows uploading an arbitrary ".php" file with the application/x-php Content-Type to the accidents_add.php?submit=1 URI, as demonstrated by the value_Images_1 field, which leads to remote command execution on the remote server. Any...

8.8 CVSS

8.7 AI Score

0.01 EPSS

2020-03-02 09:15 PM
24

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be...

6.1 CVSS

6.3 AI Score

0.007 EPSS

2018-01-18 11:29 PM
1684
5

CVE-2016-7103

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog...

6.1 CVSS

6 AI Score

0.005 EPSS

2017-03-15 04:59 PM
546
In Wild
3