Skip to main content

Fleet CVE-2019-1020009

HIGH
Insufficiently Protected Credentials (CWE-522)
2019-07-29 josh@bress.net
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jul 29, 2019 - 15:15 nvd
HIGH 7.5

DescriptionNVD

Fleet before 2.1.2 allows exposure of SMTP credentials.

AnalysisAI

Fleet before 2.1.2 allows exposure of SMTP credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. Affected products include: Kolide Fleet. Version information: before 2.1.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.

More in Fleet

View all
CVE-2026-23518 CRITICAL
9.8 Jan 21

Fleet device management software has a signature verification bypass that allows attackers to install malicious firmware

CVE-2020-26276 CRITICAL
9.8 Dec 17

Fleet is an open source osquery manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable,

CVE-2026-26186 HIGH
8.8 Feb 26

SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the ord

CVE-2026-23517 HIGH
8.1 Jan 21

Fleet device management software versions prior to 4.78.3 suffer from broken access control that permits any authenticat

CVE-2022-24841 HIGH
8.1 Apr 18

fleetdm/fleet is an open source device management, built on osquery. Rated high severity (CVSS 8.1), this vulnerability

CVE-2026-27465 MEDIUM
6.5 Feb 26

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar res

CVE-2026-25963 MEDIUM
6.5 Feb 26

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template dele

CVE-2026-23999 MEDIUM
5.5 Feb 26

Fleet's device lock and wipe PIN generation relies on predictable timestamps without additional entropy, allowing attack

CVE-2026-22808 MEDIUM
5.4 Jan 21

fleetdm/fleet is open source device management software. [CVSS 5.4 MEDIUM]

CVE-2026-24004 MEDIUM
5.3 Feb 26

Fleet's Android MDM Pub/Sub endpoint fails to authenticate requests prior to version 4.80.1, allowing unauthenticated at

CVE-2021-21296 LOW
2.7 Feb 10

Fleet is an open source osquery manager. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low

Share

CVE-2019-1020009 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy