Northern.tech: Security Vulnerabilities
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.
CVSS Score
5.5
EPSS Score
0.003
Published
2022-03-10
The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure.
CVSS Score
5.5
EPSS Score
0.002
Published
2021-10-27
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-27
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
CVSS Score
7.5
EPSS Score
0.011
Published
2021-08-27
Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-04-16
Page 2