Fleet vulnerable to OS command injection in software packages
Summary A vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. Impact When a software package .pkg, .deb, .rpm, .exe, or .msi is uploaded...