NeuVector JWT Token Forgery (CVE-2023-22644) Enables RCE
CVE-2023-22644 Published on September 20, 2023
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
Weakness Type
Generation of Incorrect Security Tokens
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.
Products Associated with CVE-2023-22644
Want to know whenever a new CVE is published for Suse Manager Server? stack.watch will email you.
Affected Versions
SUSE neuvector:- Before 0.0.0-20231003121714-be746957ee7c is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.