PT-2024-11640 · Mender · Mender
Ole Herman S. Elgesem
·
Published
2024-06-20
·
Updated
2024-06-21
·
CVE-2022-41324
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mender versions 3.3.x through 3.3.1
Mender versions 3.4.x through 3.3.9 is not needed, since 3.4.0 is the fixed version, so we can say
Mender versions 3.3.x through 3.3.1 and 3.4.x before 3.4.0 can be simplified to
Mender versions 3.3.x through 3.3.1 and 3.4.x before 3.4.0
However, since 3.3.2 is the fixed version for 3.3.x, we can simplify to
Mender versions 3.3.x through 3.3.1
Mender versions 3.4.x before 3.4.0
Description
The issue is related to Incorrect Access Control, allowing low-privileged users default read access to some sensitive device information.
Recommendations
For Mender versions 3.3.x through 3.3.1, update to version 3.3.2 or later.
For Mender versions 3.4.x before 3.4.0, update to version 3.4.0 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mender