Vulnerability Details : CVE-2023-22644
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
Products affected by CVE-2023-22644
- cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:suse:manager_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-22644
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-22644
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.8
|
LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
2.0
|
1.4
|
SUSE | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
SUSE | 2024-10-15 |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST | |
8.4
|
HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/V... |
N/A
|
N/A
|
SUSE | 2024-10-15 |
9.4
|
CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/V... |
N/A
|
N/A
|
SUSE | 2024-10-15 |
8.7
|
HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/V... |
N/A
|
N/A
|
SUSE | 2024-10-15 |
CWE ids for CVE-2023-22644
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: meissner@suse.de (Primary)
-
The product writes sensitive information to a log file.Assigned by: meissner@suse.de (Primary)
-
The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.Assigned by: meissner@suse.de (Primary)
References for CVE-2023-22644
-
https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider · Advisory · rancher/rancher · GitHub
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644
1209434 – (CVE-2023-22644) AUDIT-TRACKER: CVE-2023-22644: SUMA: Check for potential leaks in log fileIssue Tracking
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188
Bug Access Denied
-
https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr
Rancher 'Audit Log' leaks sensitive information · Advisory · rancher/rancher · GitHub
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649
1210529 – (CVE-2023-22649) VUL-0: CVE-2023-22649: Rancher: audit logs printing "X-Api-Tunnel-Params" AND "X-Api-Tunnel-Token"
-
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650
1210530 – (CVE-2023-22650) VUL-0: CVE-2023-22650: Rancher: Does not automatically clean up a user deleted from the configured Authentication Provider
-
https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x
JWT token compromise can allow malicious actions including Remote Code Execution (RCE) · Advisory · neuvector/neuvector · GitHub
Jump to