Update Security-audits.md (#12057)

Dave Herder 2023-06-21 11:26:49 -07:00 committed by GitHub
parent d08cc18111
commit 08a0a4ec48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -65,7 +65,7 @@ We also opened an issue a few weeks ago to investigate adding a feature to Fleet
| ----------- | -------------- |
| Enumeration | Low risk |
User enumeration by a logged-in user is not a critical issue. Still, when it is done by a user with minimal privileges, such as a team observer, it is a leak of information, and depending on why you use teams, it might be a problem. For this reason, we are planning to make only team administrators able to enumerate users, so they can add them to their own teams. Feel free to comment on [this issue](https://github.com/fleetdm/fleet/issues/5657).
User enumeration by a logged-in user is not a critical issue. Still, when done by a user with minimal privileges (such as a team observer), it is a leak of information, and might be a problem depending on how you use teams. For this reason, only team administrators are able to enumerate users as of Fleet 4.31.0.
#### 9 - Information disclosure via default content
| Type | Lares Severity |
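
Review bot: The replacement paragraph (the one ending "as of Fleet 4.31.0") drops the link to https://github.com/fleetdm/fleet/issues/5657 that the removed paragraph carried, so the statement that only team administrators can enumerate users now has no reference a reader can check. Consider keeping the issue link, or linking the 4.31.0 release notes, next to the version number. The new wording also omits the earlier qualifier "so they can add them to their own teams", which leaves it unclear whether a team administrator can list all users or only a limited set; one clause stating the scope would help anyone using this page to assess the residual enumeration risk. Since this section records the response to an audit finding, it may also be worth marking the sentence as an update to the original response rather than replacing the "we are planning" text outright.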