CVE-2023-22644
published 2023-09-20CVE-2023-22644: A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform…
critical9.4CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | neuvector_neuvector | >= 0 < 0.0.0-20231003121714-be746957ee7c | 0.0.0-20231003121714-be746957ee7c |
| suse | manager_server | >= 4.2 < 4.2.50-150300.3.66.5 | 4.2.50-150300.3.66.5 |
| suse | manager_server | >= 4.3 < 4.3.58-150400.3.46.4 | 4.3.58-150400.3.46.4 |
| suse | neuvector | < 0.0.0-20231003121714-be746957ee7c | 0.0.0-20231003121714-be746957ee7c |