14 matches found
SUSE CVE-2026-29180
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
CVE-2026-29180
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
EUVD-2026-16746
A Fleet team maintainer can transfer hosts from any team via missing source team authorization...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the host transfer API due to missing authorization checks on the source team. An attacker can gain unauthorized control over hosts belonging to other teams by initiating a transfer, resulting in the ability to...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the host transfer API due to missing authorization checks on the source team. An attacker can gain unauthorized control over hosts belonging to other teams by initiating a transfer, resulting in the ability to...
GHSA-M2H6-4XPQ-QW3M A Fleet team maintainer can transfer hosts from any team via missing source team authorization
Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...
A Fleet team maintainer can transfer hosts from any team via missing source team authorization
Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...
CVE-2026-29180
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization
Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...
CVE-2026-29180
Fleet is an open-source device management platform. Before version 4.81.1, a broken access control in Fleet’s host transfer API allows a team maintainer to transfer hosts from any team into their own, bypassing team isolation. Once transferred, the attacker gains full control over the stolen host...
Fleet 安全漏洞
Fleet is Fleet Device Management open source a device management platform that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...
PT-2026-28387
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description Fleet is open source device management software. A broken access control vulnerability exists in the host transfer API. A team maintainer can transfer hosts from any team into their own team, bypassin...
In parties with more than one host, a single host can bypass the execution delay of a proposal by transferring his host status to other addresses of his.
Lines of code Vulnerability details The Vulnerability After a proposal has gathered enough votes to pass, it waits through a period defined in the governance values named executionDelay. That executionDelay period is bypassed and the proposal can be executed immediately if ALL hosts of the party...