CVE-2022-45929

high

Description

Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control that allows users to change their roles, which could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

References

https://northern.tech

https://mender.io/blog/cve-2022-45929-cve-2022-41324-improper-access-control-for-low-privileged-users

Details

Source: Mitre, NVD

Published: 2024-06-20

Updated: 2024-07-03

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High