Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SAML authentication vulnerability due to improper SAML response validation
Vulnerability Description
fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if f MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Fleet 授权问题漏洞
Vulnerability Description
Fleet是Fleet的一个开源的设备管理平台,支持多种操作系统和设备,帮助 IT 和安全团队进行设备管理、漏洞报告、MDM 等操作,免费且灵活。 Fleet 4.64.2之前版本存在授权问题漏洞,该漏洞源于攻击者可以伪造SAML响应以进行身份验证断言,可能导致创建新的管理员账户。
CVSS Information
N/A
Vulnerability Type
N/A