Articles by Ole Elgesem
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server
Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups
A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
CVE-2024-37019 - Account takeover using SAML
CVE-2024-37019 is an account-takeover vulnerability in Mender Enterprise which was fixed in versions 3.6.4 and 3.7.4.
CVE-2022-45929 & CVE-2022-41324 - Improper access control for low-privileged users
We recently discovered access-control vulnerabilities in Mender Enterprise. Low-privileged read-only users could edit settings they were not supposed to edit and could see potentially sensitive information they did not need.