Mender
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37019 | | Cri | 0.64 | 9.8 | 0.01 | | Jun 3, 2024 | Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. |
| CVE-2024-55959 | | Cri | 0.59 | 9.1 | 0.01 | | Jan 21, 2025 | Northern.tech Mender Client 4.x before 4.0.5 has Insecure Permissions. |
| CVE-2022-45929 | | Hig | 0.57 | 8.8 | 0.00 | | Jun 20, 2024 | Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. |
| CVE-2024-46947 | | Med | 0.42 | 6.5 | 0.00 | | Nov 8, 2024 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. |
| CVE-2022-41324 | | Med | 0.42 | 6.5 | 0.00 | | Jun 20, 2024 | Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. |
| CVE-2025-67903 | | Med | 0.34 | 5.3 | 0.00 | | May 27, 2026 | Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass. |
| CVE-2024-46948 | | Med | 0.28 | 4.3 | 0.00 | | Nov 8, 2024 | Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. |
| CVE-2022-32290 | | Med | 0.28 | 4.3 | 0.00 | | Jul 6, 2022 | The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network… |