CVE-2022-45929

EUVD-2022-48773
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
northern.techmender
3.3.x ≤
𝑥
< 3.3.2
ADP
northern.techmender
3.5.x ≤
𝑥
< 3.5.0
ADP
northern.techmender
3.6.x ≤
𝑥
< 3.6.0
ADP
Common Weakness Enumeration
References
https://mender.io/blog/cve-2022-45929-cve-2022-41324-improper-access-control-for-low-privileged-users
https://northern.tech
https://mender.io/blog/cve-2022-45929-cve-2022-41324-improper-access-control-for-low-privileged-users
https://northern.tech