What is CVE-2021-21296?

CVE-2021-21296 is a low-severity vulnerability in Fleetdm Fleet, classified under Uncontrolled Resource Consumption. CVSS score: 2.7/10. Published 2021-02-10.

How severe is CVE-2021-21296?

Low severity. CVSS v3 base score is 2.7 out of 10.

Resource exhaustion in Fleetdm Fleet

CVE-2021-21296

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. This is possible only w…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.007 (72.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L.

Affected products

Fleetdm Fleet — versions < 3.7.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

github.com/fleetdm/fleet/security/advisories/GHSA-xwh8-9p3f-3x45 (x_refsource_CONFIRM)
www.npmjs.com/package/fleetctl (x_refsource_MISC)
github.com/fleetdm/fleet/commit/f68f4238e83b45b2164e4ed05df14af0f06eaf40 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-21296?: CVE-2021-21296 is a low-severity vulnerability in Fleetdm Fleet, classified under Uncontrolled Resource Consumption. CVSS score: 2.7/10. Published 2021-02-10.
How severe is CVE-2021-21296?: Low severity. CVSS v3 base score is 2.7 out of 10.