Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Vulnerability Description
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
CVSS Information
N/A
Vulnerability Type
CWE-1270
Vulnerability Title
NeuVector 安全漏洞
Vulnerability Description
NeuVector是美国NeuVector公司的一套端到端的容器安全平台。该平台包括图像漏洞管理、准入控制和容器进程/文件系统保护等功能。 NeuVector 0.0.0-20230930010431-57d107118e92之前版本存在安全漏洞,该漏洞源于用户可以反向工程用于Manager和API访问的身份验证JWT令牌,伪造有效的令牌以执行恶意活动,导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A