Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Vulnerability Description
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. If Android MDM is enabled, an attacker could send a crafted request to the Android Pub/Sub endpoint to unenroll a targeted Android device from Fleet without authentication. This issue does not grant access to Fleet, allow execution of commands, or provide visibility into device data. Impact is limited to disruption of Android device management for the affected device. Version 4.80.1 fixes the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Android MDM.
CVSS Information
N/A
Vulnerability Type
授权机制缺失
Vulnerability Title
Fleet 安全漏洞
Vulnerability Description
Fleet是Fleet Device Management开源的一个设备管理平台,支持多种操作系统和设备,帮助 IT 和安全团队进行设备管理、漏洞报告、MDM 等操作。 Fleet 4.80.1之前版本存在安全漏洞,该漏洞源于Android MDM Pub/Sub处理存在缺陷,可能导致未经身份验证的请求触发设备取消注册事件。
CVSS Information
N/A
Vulnerability Type
N/A