JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Impact A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. Patches Upgrade to NeuVector version 5.2.2 or later and latest Helm chart (2.6.3+). In 5.2.2 the certificate for JWT-signing is created automatically by controller with validity of 90days and rotated automatically. Use Helm-based …