5 matches found
GHSA-GM7F-V959-FR2G Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint
Summary The global policy read endpoint GET /api/latest/fleet/policies/policyid performs authorization against an empty fleet.Policy struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This allows a use...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...
GHSA-VXM7-9X8V-8GM4 Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets nodekey, orbitnodekey through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...