CVE-2023-32188

Oct. 16, 2024, 4:38 p.m.

None
No Score

Description

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Product(s) Impacted

Product Versions
NeuVector

Weaknesses

CWE-1270
Generation of Incorrect Security Tokens
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188
https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x

Tags

2024-10-16
meissner@suse.de
CVE-2023-32188
CWE-1270

Date

  • Published: Oct. 16, 2024, 9:15 a.m.
  • Last Modified: Oct. 16, 2024, 4:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

meissner@suse.de

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.