CVE-2021-35342

EUVD-2021-21985
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
northern.techuseradm
1.14.0
northern.techuseradm
1.13.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
https://northern.tech/our-products
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
https://northern.tech/our-products