Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/26 8:30 p.m.2 views

GHSA-GM7F-V959-FR2G Fleet DM Vulnerable to Cross-Team Policy Data Exposure via Global Policy Read Endpoint

Summary The global policy read endpoint GET /api/latest/fleet/policies/policyid performs authorization against an empty fleet.Policy struct with nil TeamID, then fetches any policy by ID from the database without verifying the fetched policy actually belongs to the global scope. This allows a use...

4.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/12 9:0 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 9:0 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 9:0 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the orderkey parameter in the labels host-listing endpoint. An attacker can extract sensitive enrollment secrets by manipulating the sort order and leveraging a cursor-based binary search oracle. This is only exploitab...

7.1CVSS6AI score0.00032EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:0 p.m.8 views

GHSA-VXM7-9X8V-8GM4 Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint

Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets nodekey, orbitnodekey through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...

6.5CVSS5.4AI score0.00032EPSS
Exploits0References2
Rows per page
Query Builder