Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/14 9:25 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

8.2CVSS5.5AI score0.00381EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 8:22 p.m.6 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:19 p.m.2 views

CVE-2026-34391

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/20 8:55 p.m.6 views

GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

9.3CVSS5.8AI score0.00226EPSS
Exploits0References5
Rows per page
Query Builder