CVE-2021-35342
Summary
| CVE | CVE-2021-35342 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-27 10:15:00 UTC |
| Updated | 2021-09-01 17:49:00 UTC |
| Description | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled). |
Risk And Classification
Problem Types: CWE-613
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Northern.tech | Mender | All | All | All | All |
| Application | Northern.tech | Useradm | 1.13.0 | All | All | All |
| Application | Northern.tech | Useradm | 1.14.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Our products | Northern.tech (MISC) | northern.tech | |
| CVE-2021-35342 - useradm incorrect access control vulnerability | Mender (MISC) | mender.io | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.