rpm package
suse/hub-xmlrpc-api&distro=SUSE Manager Server Module 4.3
pkg:rpm/suse/hub-xmlrpc-api&distro=SUSE%20Manager%20Server%20Module%204.3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-22644 | — | < 0.7-150400.5.6.5 | 0.7-150400.5.6.5 | Sep 20, 2023 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||
| CVE-2023-29409 | — | < 0.7-150400.5.9.15 | 0.7-150400.5.9.15 | Aug 2, 2023 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr |
- CVE-2023-22644Sep 20, 2023affected < 0.7-150400.5.6.5fixed 0.7-150400.5.6.5
A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE.
- CVE-2023-29409Aug 2, 2023affected < 0.7-150400.5.9.15fixed 0.7-150400.5.9.15
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are curr