7.5
CVE-2021-35342
- EPSS 1.11%
- Veröffentlicht 27.08.2021 10:15:07
- Zuletzt bearbeitet 21.11.2024 06:12:14
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Northern.Tech ≫ Useradm Version1.14.0
Northern.Tech ≫ Useradm Version1.13.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.11% | 0.616 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
https://northern.tech/our-products