CVE-2022-45929

Published: Jun 20, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://mender.io/blog/cve-2022-45929-cve-2022-41324-improper-access-control-for-low-privileged-users

Source: cve@mitre.org

https://northern.tech

Source: cve@mitre.org

https://mender.io/blog/cve-2022-45929-cve-2022-41324-improper-access-control-for-low-privileged-users

Source: af854a3a-2127-422b-91ae-364da2661108

https://northern.tech

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.