The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
References
Link | Resource |
---|---|
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty | Third Party Advisory |
https://northern.tech/our-products | Product Vendor Advisory |
Configurations
History
No history.
Information
Published : 2021-08-27 10:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-35342
Mitre link : CVE-2021-35342
CVE.ORG link : CVE-2021-35342
JSON object : View
Products Affected
northern.tech
- mender
- useradm
CWE
CWE-613
Insufficient Session Expiration