CNNVD-202601-3345 Information

CNNVD ID

CNNVD-202601-3345

CVE-2026-22808

  • CNNVD Published: 2026-01-21

Description (Chinese)

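Fleet is an open-source device management platform from Fleet. It supports multiple operating systems and devices and helps IT and security teams with device management, vulnerability reporting, MDM and similar tasks, and it is free and flexible. Fleet contains a cross-site scripting vulnerability that may allow an unauthenticated attacker to steal administrator authentication tokens and thereby gain unauthorized access. The following versions are affected: versions before 4.78.2, versions before 4.77.1, versions before 4.76.2, versions before 4.75.2 and versions before 4.53.3.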

Description (English)

Fleet is an open-source device management platform from Fleet that supports multiple operating systems and devices and assists IT and security teams with device management, vulnerability reporting, MDM and more; it is free and flexible. Fleet has a cross-site scripting vulnerability that could allow an unauthenticated attacker to steal administrator authentication tokens and gain unauthorized access. The following versions are affected: versions before 4.78.2, versions before 4.77.1, versions before 4.76.2, versions before 4.75.2 and versions before 4.55.3.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Fleet

Published

2026-01-21

Last Modified

2026-02-24

References

https://github.com/fleetdm/fleet/security/advisories/GHSA-gfpw-jgvr-cw4j

https://access.redhat.com/security/cve/cve-2026-22808

Patch

https://github.com/fleetdm/fleet/releases
