CVE-2022-29556

Name of the Vulnerable Software and Affected Versions Mender Enterprise versions 1.0.0 through 3.2.1 iot-manager microservice version 1.0.0

Description The issue allows Server-Side Request Forgery (SSRF) due to the Azure IoT Hub integration in the iot-manager microservice, which provides primitives that can execute cross-tenant actions via internal API endpoints.

Recommendations For Mender Enterprise versions 1.0.0 through 3.2.1, update to version 3.2.2 or later to resolve the issue. For iot-manager microservice version 1.0.0, update to a version that is bundled with Mender Enterprise 3.2.2 or later.