3 matches found
CVE-2022-23600
fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...
CVE-2022-23600
Fleet (fleetdm/fleet) before version 4.9.1 is vulnerable to a limited SAML authentication spoof due to missing audience verification. Two attack scenarios are described: (1) a malicious SP could log in as a Fleet user if the user has a matching email in Fleet and signs into the malicious SP via t...
CVE-2022-23600 Limited ability to spoof SAML authentication with missing audience verification
fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reu...