{"api_version":"1","generated_at":"2026-06-03T01:57:45+00:00","cve":"CVE-2021-35342","urls":{"html":"https://cve.report/CVE-2021-35342","api":"https://cve.report/api/cve/CVE-2021-35342.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-35342","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-35342"},"summary":{"title":"CVE-2021-35342","description":"The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-08-27 10:15:00","updated_at":"2021-09-01 17:49:00"},"problem_types":["CWE-613"],"metrics":[],"references":[{"url":"https://northern.tech/our-products","name":"https://northern.tech/our-products","refsource":"MISC","tags":[],"title":"Our products  | Northern.tech","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty","name":"https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty","refsource":"MISC","tags":[],"title":"CVE-2021-35342 - useradm incorrect access control vulnerability | Mender","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-35342","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35342","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"35342","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"northern.tech","cpe5":"mender","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35342","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"northern.tech","cpe5":"useradm","cpe6":"1.13.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"35342","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"northern.tech","cpe5":"useradm","cpe6":"1.14.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-35342","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://northern.tech/our-products","refsource":"MISC","name":"https://northern.tech/our-products"},{"refsource":"MISC","name":"https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty","url":"https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty"}]}},"nvd":{"publishedDate":"2021-08-27 10:15:00","lastModifiedDate":"2021-09-01 17:49:00","problem_types":["CWE-613"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:northern.tech:useradm:1.14.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:a:northern.tech:mender:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"2.7.0","versionEndExcluding":"2.7.1","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:northern.tech:useradm:1.13.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:a:northern.tech:mender:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"2.6.0","versionEndExcluding":"2.6.1","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"35342","Ordinal":"210834","Title":"CVE-2021-35342","CVE":"CVE-2021-35342","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"35342","Ordinal":"1","NoteData":"The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).","Type":"Description","Title":null},{"CveYear":"2021","CveId":"35342","Ordinal":"2","NoteData":"2021-08-27","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"35342","Ordinal":"3","NoteData":"2021-08-27","Type":"Other","Title":"Modified"}]}}}