CVE-2021-35342

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-35342
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-35342.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-35342
Published
2021-08-27T10:15:07Z
Modified
2024-09-03T03:51:16.958467Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).

References

Affected packages

Git / github.com/mendersoftware/useradm

Affected ranges

Type
GIT
Repo
https://github.com/mendersoftware/useradm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

1.*

1.10.0b1
1.12.0
1.13.0
1.13.1
1.14.0
1.14.1
1.3.0
1.3.0b1
1.4.0
1.4.0b1
1.5.0
1.5.0b1
1.6.0
1.6.0b1
1.7.0
1.7.0b1
1.8.0
1.8.0b1
1.9.0
1.9.0b1

internal-v2020.*

internal-v2020.02