CVE 1 min read

CVE-2021-35342 - useradm incorrect access control vulnerability

We recently discovered a vulnerability in Mender Enterprise, thanks to the security researcher Mubassir Kamdar, and we have now fixed it.

When the User Administration service was configured to cache the user's JWT token verification, the token wasn't fully invalidated on log out, making it possible to issue new API calls to the backend despite being logged out. The security issue affects Mender Enterprise 2.6.0 and 2.7.0, and we fixed it in Mender Enterprise 2.6.1 and 2.7.1. Open-source versions of Mender are not affected, as they do not include the caching features.

The security of the Mender product and our users is something we take very seriously. We will continue to look for, fix and responsibly disclose serious weaknesses in our product(s).

In the official public CVE registry, the issue's ID is CVE-2021-35342. If you have any questions or concerns, please get in touch with the Mender support if you have a support contract or email security@northern.tech.

Recent articles

Case Studies
How over-the-air (OTA) updates help emergency response teams

How over-the-air (OTA) updates help emergency response teams

Discover how over-the-air (OTA) updates revolutionize emergency response teams, ensuring secure and seamless device maintenance and functionality in critical situations.
| 4 min read
events
What’s hot in the open source and embedded community?

What’s hot in the open source and embedded community?

AI, robotics, IoT, AVs, and more – 2024 is proving to be an exciting year for technology. And the open source and embedded tech community is no exception.
| 5 min read
IOT & OTA
How to use over-the-air (OTA) updates & NVIDIA Jetson Microservices

How to leverage over-the-air (OTA) updates with NVIDIA Microservices for Jetson

Mender, in collaboration with NVIDIA, published two critical use cases, providing a step-by-step guide to over-the-air (OTA) updates with NVIDIA Jetson.
| 3 min read
View more articles

Learn more about Mender

Explore our Resource Center to discover more about how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices.

Resource Center
 
sales-pipeline_295756365