=====================================================================

                                CERT-Renater

                      Note d'Information No. 2023/VULN383

_____________________________________________________________________

DATE                : 10/10/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running neuvector versions prior to
                                         5.2.2.

=====================================================================
https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x
_____________________________________________________________________


JWT token compromise can allow malicious actions including Remote
Code Execution (RCE)

Critical
gkosaka published GHSA-622h-h2p8-743x
Package
neuvector

Affected versions
<5.2.2

Patched versions
>=5.2.2


Description

Impact

A user can reverse engineer the JWT token (JSON Web Token) used in
authentication for Manager and API access, forging a valid NeuVector
Token to perform malicious activity in NeuVector. This can lead to
an RCE.


Patches

Upgrade to NeuVector version 5.2.2 or later and latest Helm chart
(2.6.3+).

     In 5.2.2 the certificate for JWT-signing is created automatically
by controller with validity of 90days and rotated automatically.
     Use Helm-based deployment/upgrade to 5.2.2 to generate a unique
certificate for Manager, REST API, ahd registry adapter. Helm based
installation/upgrade is required in order to automatically generate
certificates upon initial installation and each subsequent upgrade.

     See release notes for manual/yaml based deployment advice.
     5.2.2 also implements additional protections against possible RCE
for the feature of custom compliance scripts.


Workarounds

Users can replace the Manager & Controller certificate manually by
following the instructions in documented here. However, upgrading to
5.2.2 and replacing Manager/REST API certificate is recommended to
provide additional security enhancements to prevent possible attempted
exploit and resulting RCE. See release notes for additional details.


Credits

Thank you to Dejan Zelic at Offensive Security for responsibly
reporting this vulnerability.


For More Information

View the NeuVector Security Policy

General NeuVector documentation


Severity
Critical

CVE ID
CVE-2023-32188

Weaknesses
No CWEs


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================