Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22644

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Published

2023-09-20T09:15:12.837

Last Modified

2024-11-21T07:45:07.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-1270
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application suse manager_server < 4.2.50-150300.3.66.5 Yes
Application suse manager_server < 4.3.58-150400.3.46.4 Yes
References