PT-2022-16915 · Fleetdm · Fleet · J5Oh
Published 2022-04-18 · Updated 2024-12-25
CVE-2022-24841
| CVSS v3.1 | 6.5 (Medium) |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
fleetdm/fleet versions prior to 4.13
Description
The issue is an authorization bypass (incorrect authorization) in fleetdm/fleet prior to 4.13 that affects instances using the teams feature. Instances without teams, or with teams but without restricted team accounts (accounts whose roles are scoped to particular teams rather than global), are not affected. In affected versions, a user holding the team admin role on one team can add themselves as admin, maintainer, or observer on other teams, escalating their access beyond the teams they were actually assigned.
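To make the failure mode concrete, here is an added illustration in Go (Fleet is written in Go) of the shape of check the advisory describes. This is not Fleet's own code; the types, function names and the membership model are hypothetical. It places a coarse "is the actor a team admin anywhere?" test beside a per-team check that binds the actor's admin role to each team in the request, and reproduces the self-grant across teams:

```go
package main

import (
	"errors"
	"fmt"
)

// Role names follow the advisory's wording (admin, maintainer, observer).
type Role string

const (
	RoleAdmin      Role = "admin"
	RoleMaintainer Role = "maintainer"
	RoleObserver   Role = "observer"
)

// TeamMembership is one (team, role) pair that a request asks to grant.
type TeamMembership struct {
	TeamID uint
	Role   Role
}

// User is a simplified account model (hypothetical, not Fleet's types):
// a global role, empty for a restricted team account, plus per-team roles.
type User struct {
	ID         uint
	GlobalRole Role
	Teams      map[uint]Role // team ID -> role held on that team
}

func (u *User) IsGlobalAdmin() bool { return u.GlobalRole == RoleAdmin }

// IsTeamAdmin reports whether u administers the specific team.
func (u *User) IsTeamAdmin(teamID uint) bool { return u.Teams[teamID] == RoleAdmin }

// IsAnyTeamAdmin is the coarse role check the vulnerable path relies on.
func (u *User) IsAnyTeamAdmin() bool {
	for _, r := range u.Teams {
		if r == RoleAdmin {
			return true
		}
	}
	return false
}

var ErrForbidden = errors.New("forbidden")

// authorizeVulnerable models the flawed check: "is the actor a team admin
// somewhere?" is evaluated once, and the team IDs in the request are never
// compared with the teams the actor actually administers.
func authorizeVulnerable(actor *User, grant []TeamMembership) error {
	if actor.IsGlobalAdmin() || actor.IsAnyTeamAdmin() {
		return nil
	}
	return ErrForbidden
}

// authorizeFixed is the hardened form: a global admin may grant any team role;
// a team admin may grant roles only on teams they administer, checked for every
// team in the request. The target user is deliberately not an input, so a team
// admin editing their own account gets no special treatment.
func authorizeFixed(actor *User, grant []TeamMembership) error {
	if actor.IsGlobalAdmin() {
		return nil
	}
	for _, m := range grant {
		if !actor.IsTeamAdmin(m.TeamID) {
			return fmt.Errorf("%w: actor %d is not an admin of team %d", ErrForbidden, actor.ID, m.TeamID)
		}
	}
	return nil
}

// scenario reproduces the advisory: a restricted account that administers
// team 1 only asks for the admin role on team 2 (a team it does not belong to).
func scenario(authorize func(*User, []TeamMembership) error) error {
	teamAdmin := &User{ID: 7, Teams: map[uint]Role{1: RoleAdmin}}
	return authorize(teamAdmin, []TeamMembership{{TeamID: 2, Role: RoleAdmin}})
}

func main() {
	fmt.Println("vulnerable:", scenario(authorizeVulnerable)) // <nil>: cross-team grant allowed
	fmt.Println("fixed:     ", scenario(authorizeFixed))      // forbidden: actor 7 is not an admin of team 2
}
```

The design point is that the authorization decision must be made against the object being modified (each team ID in the request), not against a property of the actor in isolation; a role check that is true for "some team" says nothing about the team the request names.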
Recommendations
Upgrade to version 4.13 or later. Until the upgrade is applied, the bypass requires an existing team admin account, so the available mitigations are to avoid granting the team admin role to restricted team accounts (keep them at maintainer or observer), or to avoid using teams with restricted team accounts at all, and to audit team memberships for admin, maintainer or observer roles that a team admin may have added for themselves on other teams.
Weakness
Improper Access Control (CWE-284) · Incorrect Authorization (CWE-863)
Affected Products
Alt Linux
Fleet