CVE-2023-22644: JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
First published: Wed Sep 20 2023(Updated: )
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
Credit: meissner@suse.de meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Manager Server | >=4.2<4.2.50-150300.3.66.5 | |
| SUSE Manager Server | >=4.3<4.3.58-150400.3.46.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22644?
CVE-2023-22644 is an Innsertion of Sensitive Information into Log File vulnerability affecting SUSE Manager Server Module 4.2 and 4.3.
How does CVE-2023-22644 impact SUSE Manager Server?
CVE-2023-22644 causes sensitive information to be logged in SUSE Manager Server.
What is the severity of CVE-2023-22644?
The severity of CVE-2023-22644 is medium, with a severity value of 5.5.
How can I fix CVE-2023-22644?
To fix CVE-2023-22644, update SUSE Manager Server Module 4.2 to version 4.2.50-150300.3.66.5 or later, and SUSE Manager Server Module 4.3 to version 4.3.58-150400.3.46.4 or later.
What is the CWE of CVE-2023-22644?
The CWE (Common Weakness Enumeration) of CVE-2023-22644 is 532.
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/title
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/suse
- canonical/suse manager server
- version/suse manager server/4.2
- version/suse manager server/4.3