The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
References
Link | Resource |
---|---|
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty | Third Party Advisory |
https://northern.tech/our-products | Product Vendor Advisory |
Information
Published : 2021-08-27 03:15
Updated : 2021-09-01 10:49
NVD link : CVE-2021-35342
Mitre link : CVE-2021-35342
JSON object : View
CWE
CWE-613
Insufficient Session Expiration
Products Affected
northern.tech
- mender
- useradm