CVE-2022-24841
Last modified
CVE-2022-24841 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. EPSS estimates a 0.79% chance of exploitation in the next 30 days.
Description
fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a team admin can erroneously add themselves as admin, maintainer or observer on other teams. Users are advised to upgrade to version 4.13. There are no known workarounds for this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Fleetdm | Fleet | < 4.13 |
References
- https://github.com/fleetdm/fleet/commit/da171d3b8d149c30b8307723cbe6b6e8847cb30cPatch, Third Party Advisory
- https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84crThird Party Advisory
- https://github.com/fleetdm/fleet/commit/da171d3b8d149c30b8307723cbe6b6e8847cb30cPatch, Third Party Advisory
- https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84crThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-24841?
How severe is CVE-2022-24841?
How do I fix CVE-2022-24841?
Are you affected by CVE-2022-24841?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST