Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT token after logout, because of missing invalidation (if the JWT verification cache is enabled).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
useradm 代码问题漏洞
Vulnerability Description
useradm是用于在 Mender 生态系统中管理用户数据和身份验证的微服务。 useradm 存在安全漏洞,该漏洞源于服务凭证没有失效,允许用户在注销后使用他们的JWT令牌访问系统。以下产品及版本收到影响:useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1)。
CVSS Information
N/A
Vulnerability Type
N/A