Category

CVE

    CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

    Recently discovered security vulnerabilities in Mender Server have been fixed.
    CVE-2024-46948 - Missing filtering based on RBAC device groups

    A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
    CVE-2024-37019 - Account takeover using SAML

    CVE-2024-37019 is an account-takeover vulnerability in Mender Enterprise which was fixed in versions 3.6.4 and 3.7.4.
    CVE-2022-45929 & CVE-2022-41324 — Improper access control for low-privileged users

    We recently discovered vulnerabilities in Mender Enterprise which relate to access control. Low-privileged read-only users were able to edit settings they were not supposed to edit and to see potentially sensitive information which was not necessary.
    CVE-2022-32290 - Mender Client listening on all the interfaces

    We recently discovered a vulnerability in the Mender Client versions 3.2.0, 3.2.1, and 3.2.2. The client listens on a random, unprivileged TCP port and exp
    CVE-2022-29555 & CVE-2022-29556 - vulnerabilities in iot-manager and deviceconnect

    We recently discovered two vulnerabilities in Mender, thanks to the security researchers April Chaire, Jeff Hofmann, Joey Perme, Nathaniel Singer and Matte
    CVE-2021-35342 - useradm incorrect access control vulnerability

    We recently discovered a vulnerability in Mender Enterprise, thanks to the security researcher Mubassir Kamdar, and we have now fixed it. When the User Adm