Common Weakness Enumeration

CWE-1270

Allowed

Generation of Incorrect Security Tokens

Abstraction: Base · Status: Incomplete

The product implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens generated in the system are incorrect.

9 vulnerabilities reference this CWE, most recent first.

CVE-2023-32188 (GCVE-0-2023-32188)

Vulnerability from cvelistv5 – Published: 2024-10-16 08:25 – Updated: 2024-10-16 17:25
VLAI
Title
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Summary
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1270 - Generation of Incorrect Security Tokens
Assigner
Impacted products
Vendor Product Version
SUSE neuvector Affected: 0 , < 0.0.0-20231003121714-be746957ee7c (semver)
Create a notification for this product.
neuvector neuvector Affected: 0 , < 0.0.0-20231003121714-be746957ee7c (semver)
    cpe:2.3:a:neuvector:neuvector:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-10-06 18:43
Credits
Dejan Zelic at Offensive Security
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:neuvector:neuvector:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "neuvector",
            "vendor": "neuvector",
            "versions": [
              {
                "lessThan": "0.0.0-20231003121714-be746957ee7c",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T16:27:04.384960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:25:54.710Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/neuvector/neuvector",
          "product": "neuvector",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.0.0-20231003121714-be746957ee7c",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dejan Zelic at Offensive Security"
        }
      ],
      "datePublic": "2023-10-06T18:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
            }
          ],
          "value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1270",
              "description": "CWE-1270 Generation of Incorrect Security Tokens",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T08:25:59.699Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188"
        },
        {
          "url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JWT token compromise can allow malicious actions including Remote Code Execution (RCE)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2023-32188",
    "datePublished": "2024-10-16T08:25:59.699Z",
    "dateReserved": "2023-05-04T08:30:59.321Z",
    "dateUpdated": "2024-10-16T17:25:54.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22644 (GCVE-0-2023-22644)

Vulnerability from cvelistv5 – Published: 2023-09-20 08:12 – Updated: 2025-04-07 17:19
VLAI
Title
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Summary
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1270 - Generation of Incorrect Security Tokens
Assigner
Impacted products
Vendor Product Version
SUSE neuvector Affected: 0 , < 0.0.0-20231003121714-be746957ee7c (semver)
Create a notification for this product.
Date Public
2023-10-06 18:43
Credits
Dejan Zelic at Offensive Security
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:49.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22644",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T17:18:53.805900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T17:19:01.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/neuvector/neuvector",
          "product": "neuvector",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.0.0-20231003121714-be746957ee7c",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dejan Zelic at Offensive Security"
        }
      ],
      "datePublic": "2023-10-06T18:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
            }
          ],
          "value": "A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1270",
              "description": "CWE-1270: Generation of Incorrect Security Tokens",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T13:15:32.628Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188"
        },
        {
          "url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "JWT token compromise can allow malicious actions including Remote Code Execution (RCE)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2023-22644",
    "datePublished": "2023-09-20T08:12:34.130Z",
    "dateReserved": "2023-01-05T10:40:08.605Z",
    "dateUpdated": "2025-04-07T17:19:01.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2882 (GCVE-0-2023-2882)

Vulnerability from cvelistv5 – Published: 2023-05-25 08:18 – Updated: 2026-05-22 10:52
VLAI
Title
Privilege Escalation in CBOT's Chatbot
Summary
Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1270 - Generation of Incorrect Security Tokens
Assigner
References
Impacted products
Vendor Product Version
CBOT Chatbot Affected: 0 , < Core: v4.0.3.4 Panel: v4.0.3.7 (custom)
Create a notification for this product.
Date Public
2023-05-25 08:30
Credits
Koray Seyfullah DANISMA
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:02.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2882",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T20:57:43.499873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T20:58:37.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Chatbot",
          "vendor": "CBOT",
          "versions": [
            {
              "lessThan": "Core: v4.0.3.4 Panel: v4.0.3.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Koray Seyfullah DANISMA"
        }
      ],
      "datePublic": "2023-05-25T08:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.\u003cp\u003eThis issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\u003c/p\u003e"
            }
          ],
          "value": "Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.\n\nThis issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-633",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-633 Token Impersonation"
            }
          ]
        },
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1270",
              "description": "CWE-1270 Generation of Incorrect Security Tokens",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T10:52:23.355Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource",
            "broken-link"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
        },
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0293"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the\u0026nbsp;Core to \u0026gt;= v4.0.3.4 and the Panel to \u0026gt;= v4.0.3.7 ."
            }
          ],
          "value": "Update the\u00a0Core to \u003e= v4.0.3.4 and the Panel to \u003e= v4.0.3.7 ."
        }
      ],
      "source": {
        "advisory": "TR-23-0293",
        "defect": [
          "TR-23-0293"
        ],
        "discovery": "USER"
      },
      "title": "Privilege Escalation in CBOT\u0027s Chatbot",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-2882",
    "datePublished": "2023-05-25T08:18:23.610Z",
    "dateReserved": "2023-05-25T08:03:24.288Z",
    "dateUpdated": "2026-05-22T10:52:23.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-31122 (GCVE-0-2022-31122)

Vulnerability from cvelistv5 – Published: 2022-10-18 00:00 – Updated: 2025-04-23 16:45
VLAI
Title
Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation
Summary
Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, Authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml` Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-1270 - Generation of Incorrect Security Tokens
Assigner
Impacted products
Vendor Product Version
wireapp wire-server Affected: < 2022-07-12
Affected: < 4.19.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/wireapp/wire-server/security/advisories/GHSA-gq27-gmgq-fmxw"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:48:29.066223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:45:37.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wire-server",
          "vendor": "wireapp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2022-07-12"
            },
            {
              "status": "affected",
              "version": "\u003c 4.19.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metadata, and configures their own SAML on the same backend, the attacker can delete all SAML authenticated accounts of a targeted team, Authenticate as a user of the attacked team and create arbitrary accounts in the context of the team if it is not managed by SCIM. This issue is fixed in wire-server 2022-07-12 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-07-12/Chart 4.19.0, so that their backends are no longer affected. As a workaround, the risk of an attack can be reduced by disabling SAML configuration for teams (galley.config.settings.featureFlags.sso). Helm overrides are located in `values/wire-server/values.yaml` Note that the ability to configure SAML SSO as a team is disabled by default for on-premise installations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1270",
              "description": "CWE-1270: Generation of Incorrect Security Tokens",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-18T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/wireapp/wire-server/security/advisories/GHSA-gq27-gmgq-fmxw"
        }
      ],
      "source": {
        "advisory": "GHSA-gq27-gmgq-fmxw",
        "discovery": "UNKNOWN"
      },
      "title": "Wire-server vulnerable to Token Recipient Confusion resulting in account impersonation, deletion or malicious account creation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31122",
    "datePublished": "2022-10-18T00:00:00.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:45:37.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-23X9-8HXR-978C

Vulnerability from github – Published: 2022-05-17 04:13 – Updated: 2025-04-13 23:04
VLAI
Summary
OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
Details

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0a0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-2237"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1270",
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:10:43Z",
    "nvd_published_at": "2014-04-01T06:35:00Z",
    "severity": "HIGH"
  },
  "details": "The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee\u0027s token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.",
  "id": "GHSA-23x9-8hxr-978c",
  "modified": "2025-04-13T23:04:52Z",
  "published": "2022-05-17T04:13:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2237"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/keystone/+bug/1260080"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/keystone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml"
    },
    {
      "type": "WEB",
      "url": "https://rhn.redhat.com/errata/RHSA-2014-0580.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/03/04/16"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend"
}

GHSA-622H-H2P8-743X

Vulnerability from github – Published: 2023-10-06 20:43 – Updated: 2024-10-16 17:05
VLAI
Summary
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Details

Impact

A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.

Patches

Upgrade to NeuVector version 5.2.2 or later and latest Helm chart (2.6.3+). + In 5.2.2 the certificate for JWT-signing is created automatically by controller with validity of 90days and rotated automatically. + Use Helm-based deployment/upgrade to 5.2.2 to generate a unique certificate for Manager, REST API, ahd registry adapter. Helm based installation/upgrade is required in order to automatically generate certificates upon initial installation and each subsequent upgrade. + See release notes for manual/yaml based deployment advice. + 5.2.2 also implements additional protections against possible RCE for the feature of custom compliance scripts.

Workarounds

Users can replace the Manager & Controller certificate manually by following the instructions in documented here. However, upgrading to 5.2.2 and replacing Manager/REST API certificate is recommended to provide additional security enhancements to prevent possible attempted exploit and resulting RCE. See release notes for additional details.

Credits

Thank you to Dejan Zelic at Offensive Security for responsibly reporting this vulnerability.

For More Information

View the NeuVector Security Policy

General NeuVector documentation

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 0.0.0-20230930010431-57d107118e92"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/neuvector/neuvector"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.0.0-20231003121714-be746957ee7c"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-32188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1270"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-10-06T20:43:52Z",
    "nvd_published_at": "2024-10-16T09:15:03Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact \n\nA user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. \n\n### Patches \n\nUpgrade to NeuVector [version 5.2.2](https://open-docs.neuvector.com/releasenotes/5x) or later and latest Helm chart (2.6.3+). \n+ In 5.2.2 the certificate for JWT-signing is created automatically by controller with validity of 90days and rotated automatically.\n+ Use Helm-based deployment/upgrade to 5.2.2 to generate a unique certificate for Manager, REST API, ahd registry adapter. Helm based installation/upgrade is required in order to automatically generate certificates upon initial installation and each subsequent upgrade. \n+ See [release notes](https://open-docs.neuvector.com/releasenotes/5x) for manual/yaml based deployment advice.\n+ 5.2.2 also implements additional protections against possible RCE for the feature of custom compliance scripts. \n\n### Workarounds \n\nUsers can replace the Manager \u0026 Controller certificate manually by following the instructions in documented [here](https://open-docs.neuvector.com/configuration/console/replacecert). However, upgrading to 5.2.2 and replacing Manager/REST API certificate is recommended to provide additional security enhancements to prevent possible attempted exploit and resulting RCE. See [release notes](https://open-docs.neuvector.com/releasenotes/5x) for additional details.\n\n### Credits \n\nThank you to [Dejan Zelic](https://dejandayoff.com/) at [Offensive Security](https://www.offsec.com/) for responsibly reporting this vulnerability. \n\n### For More Information \n\nView the NeuVector [Security Policy](https://github.com/neuvector/neuvector/security) \n\nGeneral NeuVector [documentation](https://open-docs.neuvector.com/) ",
  "id": "GHSA-622h-h2p8-743x",
  "modified": "2024-10-16T17:05:17Z",
  "published": "2023-10-06T20:43:52Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32188"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/neuvector/neuvector"
    },
    {
      "type": "WEB",
      "url": "https://open-docs.neuvector.com/releasenotes/5x"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "JWT token compromise can allow malicious actions including Remote Code Execution (RCE) "
}

GHSA-6Q6R-HX29-59M5

Vulnerability from github – Published: 2023-09-20 09:30 – Updated: 2024-11-18 16:26
VLAI
Details

An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1270",
      "CWE-287",
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-20T09:15:12Z",
    "severity": "HIGH"
  },
  "details": "An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged.\nThis issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.\n\n",
  "id": "GHSA-6q6r-hx29-59m5",
  "modified": "2024-11-18T16:26:32Z",
  "published": "2023-09-20T09:30:22Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-9ghh-mmcq-8phc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22644"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22650"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8RC5-7HHH-7RPR

Vulnerability from github – Published: 2023-05-25 09:30 – Updated: 2024-04-04 04:20
VLAI
Details

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-2882"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-25T09:15:12Z",
    "severity": "CRITICAL"
  },
  "details": "Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n",
  "id": "GHSA-8rc5-7hhh-7rpr",
  "modified": "2024-04-04T04:20:16Z",
  "published": "2023-05-25T09:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2882"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJJW-86JV-H24C

Vulnerability from github – Published: 2025-12-02 15:30 – Updated: 2025-12-03 18:30
VLAI
Details

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-59698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1270"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-02T15:15:55Z",
    "severity": "MODERATE"
  },
  "details": "Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.",
  "id": "GHSA-cjjw-86jv-h24c",
  "modified": "2025-12-03T18:30:23Z",
  "published": "2025-12-02T15:30:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-6q4x-m86j-gfwj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59698"
    },
    {
      "type": "WEB",
      "url": "https://www.entrust.com/use-case/why-use-an-hsm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation
  • Generation of Security Tokens should be reviewed for design inconsistency and common weaknesses.
  • Security-Token definition and programming flow should be tested in pre-silicon and post-silicon testing.
CAPEC-121: Exploit Non-Production Interfaces

An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.

CAPEC-633: Token Impersonation

An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.

CAPEC-681: Exploitation of Improperly Controlled Hardware Security Identifiers

An adversary takes advantage of missing or incorrectly configured security identifiers (e.g., tokens), which are used for access control within a System-on-Chip (SoC), to read/write data or execute a given action.