CVE-2022-45929

HIGH

Northern.tech Mender <3.3.2, <3.5.0, <3.6.0 - Privilege Escalation

Title source: llm

Description

Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control that allows users to change their roles, which could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

Scores

CVSS v3: 8.8
EPSS: 0.0038
EPSS Percentile: 30.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-284
Status: published
Published: Jun 20, 2024
Tracked Since: Feb 18, 2026