CVE-2021-35342

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
northern.techuseradm
1.14.0
northern.techuseradm
1.13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
https://northern.tech/our-products
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
https://northern.tech/our-products