Description
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
References
- Third Party Advisory
- Product, Vendor Advisory
- Third Party Advisory
- Product, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 2.7.0 (inclusive) up to 2.7.1 (exclusive)
In combination
cpe:2.3:a:northern.tech:useradm:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:northern.tech:mender:*:*:*:*:enterprise:*:*:*
Configuration 2: versions from 2.6.0 (inclusive) up to 2.6.1 (exclusive)
In combination
cpe:2.3:a:northern.tech:useradm:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:northern.tech:mender:*:*:*:*:enterprise:*:*:*
EPSS: 0.00208 (Low), percentile: 43%
CVSS3: 7.5 High
CVSS2: 4.3 Medium
Weaknesses
CWE-613
Related vulnerabilities
github
more than 3 years ago
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).