1 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. • https://mender.io/blog/cve-2022-32290-mender-client-listening-on-all-the-interfaces https://northern.tech • CWE-863: Incorrect Authorization •