JWT token compromise can allow malicious actions including Remote Code Execution (RCE)

CVE-2023-22644

5.5MEDIUM

Key Information

Vendor: Suse
Status: Neuvector
Vendor: CVE Published:; 20 September 2023

Summary

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Affected Version(s)

neuvector < 0.0.0-20231003121714-be746957ee7c

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 3.8 to: 8.8 - (HIGH)
Oct 15, 2024
Risk change from: 5.5 to: 3.8 - (LOW)
Sep 24, 2024
Vulnerability published.
Sep 20, 2023
Vulnerability Reserved.
Jan 5, 2023

Collectors

NVD DatabaseMitre Database

Credit

Dejan Zelic at Offensive Security