← back
CVE-2022-45929

CVE-2022-45929

CVSS 8.8 HIGHEPSS 0.4%CWE-284
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a