Editor pass - Publish pentest blog + Security-audits.md section (#5773)

Editor pass for:
-  https://github.com/fleetdm/fleet/pull/5659
Desmi-Dizney 2022-05-17 11:22:31 -05:00 committed by GitHub
parent a9c3b55db6
commit 73bf0b17d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,7 +1,7 @@
# Penetration testing of Fleet (April 2022) # Penetration testing of Fleet (April 2022)
We have recently had Lares perform penetration testing on our internal instance of Fleet. This test was performed on 4.12 Its the test that unveiled some authorization issues identified in this [advisory](https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84cr) and resolved in 4.13. We have recently had Lares perform penetration testing on our internal instance of Fleet. Lares performed the last test on 4.12. This test unveiled some authorization issues identified in this [advisory](https://github.com/fleetdm/fleet/security/advisories/GHSA-pr2g-j78h-84cr) and resolved in 4.13.
As promised when we published the [Orbit audit](https://github.com/fleetdm/fleet/blob/26daf00e5a8ce509371f33065ebf06eecf50c557/docs/files/2021-04-26-orbit-auto-updater-assessment.pdf) and said wed post other audit and pentest reports, we are now publishing the full report. The most critical issues have been resolved in 4.13, and others are being tracked and prioritized. As promised when we published the [Orbit audit](https://github.com/fleetdm/fleet/blob/26daf00e5a8ce509371f33065ebf06eecf50c557/docs/files/2021-04-26-orbit-auto-updater-assessment.pdf) and said wed post other audit and pentest reports, we are now publishing the full report. We resolved the most critical issues in 4.13, and we continue to track and prioritize the others.
Small redacted sections are present in the PDF as we are hiding some internal email addresses to Small redacted sections are present in the PDF as we are hiding some internal email addresses to
save ourselves from receiving more spam. save ourselves from receiving more spam.
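Review bot: In the first paragraph, the new sentence "Lares performed the last test on 4.12" can be read as referring to an earlier test rather than the one this post reports; the old wording "This test was performed on 4.12" did not have that ambiguity. Suggest "Lares performed this test on 4.12" so the link to the advisory and the 4.13 fixes stays clear. Separately, "said wed post" in the second paragraph is carried over unchanged on both sides; if the apostrophe is missing in the source file and not only in this rendering, fix it to "we'd" in the same pass.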
@ -36,4 +36,4 @@ If you have questions about this test or Fleet security, please join us on [Slac
<meta name="authorGitHubUsername" value="GuillaumeRoss"> <meta name="authorGitHubUsername" value="GuillaumeRoss">
<meta name="authorFullName" value="Guillaume Ross"> <meta name="authorFullName" value="Guillaume Ross">
<meta name="publishedOn" value="2022-05-10"> <meta name="publishedOn" value="2022-05-10">
<meta name="articleTitle" value="Penetration testing of Fleet (April 2022)"> <meta name="articleTitle" value="Penetration testing of Fleet (April 2022)">
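Review bot: The four meta lines in this hunk read the same on both sides, so the only difference here appears to be whitespace or an end-of-file newline. Confirm that is intentional; if not, drop the hunk so the editor pass stays limited to wording changes.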