📦 Fleet

This vulnerability in Fleet's Windows MDM enrollment flow allows attackers to bypass authentication by submitting forged JWT tokens that aren't properly validated. This enables unauthorized device enr...

This vulnerability allows attackers to modify trusted SAML responses in Fleet osquery manager, enabling unauthorized logins through SSO authentication. It affects Fleet users who have configured SSO l...

Fleet device management software versions before 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 have broken access control that allows any authenticated user, including low-privilege Observer roles, to ac...

This vulnerability in Fleet's Android MDM Pub/Sub handling allows unauthenticated attackers to trigger device unenrollment events, causing targeted Android devices to be removed from Fleet management....

This vulnerability in Fleet device management software exposes Google Calendar service account credentials to authenticated low-privilege users. Attackers could gain unauthorized access to Google Cale...

This is a cross-site scripting (XSS) vulnerability in Fleet device management software that allows unauthenticated attackers to steal administrator authentication tokens when Windows MDM is enabled. T...