CVE-2023-32188

Oct. 16, 2024, 4:38 p.m.

Tags

2024-10-16
meissner@suse.de
CVE-2023-32188
CWE-1270

Product(s) Impacted

NeuVector

Description

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Weaknesses

CWE-1270
Generation of Incorrect Security Tokens

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

CWE ID: 1270

Date

Published: Oct. 16, 2024, 9:15 a.m.

Last Modified: Oct. 16, 2024, 4:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

meissner@suse.de

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188
meissner@suse.de
https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x
meissner@suse.de