CVE-2023-32188
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Description
### Impact

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector token to perform malicious activity in NeuVector. This can lead to an RCE.

### Patches

Upgrade to NeuVector [version 5.2.2](https://open-docs.neuvector.com/releasenotes/5x) or later and the latest Helm chart (2.6.3+).

+ In 5.2.2 the certificate for JWT signing is created automatically by the controller with a validity of 90 days and is rotated automatically.
+ Use Helm-based deployment/upgrade to 5.2.2 to generate a unique certificate for Manager, REST API, and registry adapter. Helm-based installation/upgrade is required in order to automatically generate certificates upon initial installation and each subsequent upgrade.
+ See [release notes](https://open-docs.neuvector.com/releasenotes/5x) for manual/yaml based deployment advice.
+ 5.2.2 also implements additional protections against possible RCE for the feature of custom compliance scripts.

### Workarounds

Users can replace the Manager & Controller certificate manually by following the instructions documented [here](https://open-docs.neuvector.com/configuration/console/replacecert). However, upgrading to 5.2.2 and replacing the Manager/REST API certificate is recommended to provide additional security enhancements to prevent possible attempted exploit and resulting RCE. See [release notes](https://open-docs.neuvector.com/releasenotes/5x) for additional details.

### Credits

Thank you to [Dejan Zelic](https://dejandayoff.com/) at [Offensive Security](https://www.offsec.com/) for responsibly reporting this vulnerability.

### For More Information

View the NeuVector [Security Policy](https://github.com/neuvector/neuvector/security)

General NeuVector [documentation](https://open-docs.neuvector.com/)
How to fix CVE-2023-32188
To remediate CVE-2023-32188, upgrade the affected package to a fixed version below.
- Upgrade to 0.0.0-20231003121714-be746957ee7c or later
Is CVE-2023-32188 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.