CNNVD-202601-3338 Information
CNNVD ID
CNNVD-202601-3338
Related CVE
- CNNVD Published: 2026-01-21
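Description (Chinese, translated)
Fleet is an open-source device management platform from Fleet. It supports multiple operating systems and devices and helps IT and security teams with device management, vulnerability reporting, MDM and other operations, and it is free and flexible. Fleet contains a security vulnerability that stems from improper access control and may allow low-privileged users to access sensitive server-internal information and trigger resource-intensive operations. The following versions are affected: versions before 4.78.3, before 4.77.1, before 4.76.2, before 4.75.2 and before 4.53.3.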
Description (English)
Fleet is an open-source device management platform from Fleet, which supports multiple operating systems and devices and assists IT and security teams with device management, vulnerability reporting, MDM, etc.; it is free of charge and flexible. There is a security vulnerability in Fleet, which stems from inadequate access controls and may result in low-privileged users accessing sensitive internal server information and triggering resource-intensive operations. The following versions are affected: versions before 4.78.3, before 4.77.1, before 4.76.2, before 4.75.2 and before 4.53.3.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Fleet
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/fleetdm/fleet/commit/5c030e32a3a9bc512355b5e1bf19636e4e6d0317
https://github.com/fleetdm/fleet/security/advisories/GHSA-4r5r-ccr6-q6f6
https://access.redhat.com/security/cve/cve-2026-23517
Patch
https://github.com/fleetdm/fleet/releases