[Security Advisory] 5.2.2 Release Remediates Critical CVE-2023-32188
NeuVector Updates for new release and security updates for the NeuVector container security platform
neuvector-updates at lists.suse.com
Fri Oct 6 13:43:25 UTC 2023
To the NeuVector Technical Update subscribers<https://lists.suse.com/mailman/listinfo/neuvector-updates>,
We’re happy to inform you that the v5.2.2 release of NeuVector is now available. This release fixes a critical vulnerability (CVE-2023-32188) in the NeuVector Manager/Controller and also has several enhancements and bug fixes.
CVE-2023-32188 - JWT token compromise can allow malicious actions including Remote Code Execution (RCE) – Users are advised to upgrade immediately to v5.2.2 to auto-generate the JWT signing token and use the NeuVector Helm chart v2.6.3+ to auto-generate a new certificate for Manager/REST API. In this is not possible, users should replace the Manager and Controller certificates as documented here<https://open-docs.neuvector.com/configuration/console/replacecert>. For more information, please see this NeuVector security advisory<https://github.com/neuvector/neuvector/security/advisories/GHSA-622h-h2p8-743x> on github.
Please see the 5.2.2 release notes<https://open-docs.neuvector.com/releasenotes/5x> for a complete list of enhancements and bug fixes.
If you are a subscriber to SUSE Support Services for NeuVector, you may contact your support team for assistance with upgrading.
Best regards,
The NeuVector team
You are receiving this email because you are a member of the NeuVector Technical Updates mailing list. To unsubscribe or manage your subscription please go to https://lists.suse.com/mailman/listinfo/neuvector-updates
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/neuvector-updates/attachments/20231006/b619c49e/attachment-0001.htm>
More information about the Neuvector-updates
mailing list