CVE-2021-35342
HIGH
Northern.tech Mender Enterprise <2.7.1-2.6.1 - Auth Bypass
Title source: llm
Description
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://northern.tech/our-products
Third Party Advisory x_refsource_misc
https://mender.io/blog/cve-2021-35342-useradm-logout-vulnerabililty
Scores
CVSS v3
7.5
EPSS
0.0103
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-613
Status
published
Products (2)
northern.tech/useradm
1.14.0
northern.tech/useradm
1.13.0
Published
Aug 27, 2021
Tracked Since
Feb 18, 2026