3 matches found
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via unauthenticated access to the /debug/pprof endpoints. An attacker can retrieve sensitive runtime information, including in-memory state, call stacks, and authentication cache data, or...
GO-2026-4334 Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet
Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet...
Fleet has an Access Control vulnerability in debug/pprof endpoints
Summary A broken access control issue in Fleet allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Impact Fleet’s debug/pprof endpoints...