Impact of CVE-2021-31525 and CVE-2021-33194 on Mender

deffo · July 2, 2021, 12:55pm

Hi there!

How do you consider the impact of CVE-2021-31525 [1] and CVE-2021-33194 [2] on Mender? Do you think this is critical?

Best regards

[1] NVD - CVE-2021-31525
[2] NVD - CVE-2021-33194

drewmoseley · July 2, 2021, 1:39pm

@kacf do you have any thoughts here?

tranchitella · July 2, 2021, 1:46pm

The impact on the client is extremely low, as it only connects to the Mender server it trusts.
On the backend-side, it needs a bit of investigation to see which version is affected.
I’ll get back to this thread early next week.

Topic		Replies	Views
Impact of CVE-2021-38297 on Mender General Discussions yocto , security , dunfell	1	354	October 26, 2021
Impact of CVE-2021-29923 and CVE-2021-36221 on Mender General Discussions	1	258	August 26, 2021
Impact of CVE-2021-27918 on Mender General Discussions yocto , warrior , security	1	539	March 22, 2021
Impact of certain CVEs on Mender General Discussions yocto , security , dunfell	2	361	August 16, 2021
Impact of CVE-2021-3114 and CVE-2021-3115 on Mender General Discussions	3	410	February 5, 2021

Impact of CVE-2021-31525 and CVE-2021-33194 on Mender

Related Topics