Northern.tech: >> Mender >> 2.6.0 Security Vulnerabilities
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-04-28
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
CVSS Score
7.5
EPSS Score
0.002
Published
2021-08-27