CVE-2022-45929

June 20, 2024, 5:15 p.m.

Product(s) Impacted

Northern.tech Mender

  • 3.3.x before 3.3.2
  • 3.5.x before 3.5.0
  • 3.6.x before 3.6.0

Description

Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.

Weaknesses

Date

Published: June 20, 2024, 5:15 p.m.

Last Modified: June 20, 2024, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References