PT-2024-11728 · Northern.Tech · Mender
Ole Herman S. Elgesem · Published 2024-06-20 · Updated 2024-07-03 · CVE-2022-45929
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Northern.tech Mender versions 3.3.x through 3.3.1
Northern.tech Mender versions 3.4.x through 3.4.0
Northern.tech Mender versions 3.5.x through 3.5.0
Northern.tech Mender versions 3.6.x through 3.6.0
Description
An Incorrect Access Control issue allows users to change their roles, which can lead to privilege escalation from a low-privileged read-only user to a high-privileged user. It also gives low-privileged users default read access to some sensitive device information.
Recommendations
For Northern.tech Mender versions 3.3.x through 3.3.1, update to version 3.3.2 or later.
For Northern.tech Mender versions 3.4.x through 3.4.0, update to version 3.4.0 or later.
For Northern.tech Mender versions 3.5.x through 3.5.0, update to version 3.5.0 or later.
For Northern.tech Mender versions 3.6.x through 3.6.0, update to version 3.6.0 or later.
Fix
Improper Access Control
Affected Products
Mender