Pietro Dellamore

Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.6 Description: NeuVector process handling can lead to the leakage of sensitive arguments, such as passwords, within security event logs. The software uses regular expressions to detect and redact sensitive data from process commands, but the default regex may be insufficient. While custom regex patterns can be defined, a large number of patterns can negatively impact NeuVector enforcer performance due to increased backtracking. Recommendations: NeuVector versions prior to 5.4.6: Upgrade to version 5.4.6 or later to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** NeuVector versions prior to 5.4.6 **Description** NeuVector versions up to and including 5.4.5 use a hardcoded password for the built-in `admin` account. If this password is not changed after deployment, attackers with network access within the cluster can obtain an authentication token and compromise the cluster. The token can then be used to perform any operation via NeuVector APIs. ZoomEye identifies approximately 826 potentially affected targets. **Recommendations** NeuVector versions prior to 5.4.6: Immediately log in to the NeuVector UI after deployment and update the default `admin` password. NeuVector versions prior to 5.4.6: As a temporary workaround, restrict network access to NeuVector to minimize the risk of unauthorized access. NeuVector versions 5.4.0 through 5.4.5: Upgrade to version 5.4.6 or later to resolve the issue. NeuVector versions 5.4.6 and later: Ensure the Kubernetes RBAC roles `neuvector-binding-secret-controller` are created before starting NeuVector, if deploying or upgrading manually.

**Name of the Vulnerable Software and Affected Versions** Rancher versions prior to v2.8.13 Rancher versions prior to v2.9.7 Rancher versions prior to v2.10.3 **Description** A vulnerability has been identified in Rancher where an unauthenticated user can list and delete CLI authentication tokens, preventing users from logging in via the CLI. This issue affects SAML-based authentication providers and occurs because the login flow from the CLI polls the `/v3-public/authTokens/<token name>` endpoint. The token is encrypted and cannot be used to impersonate a real user if intercepted. Rancher deployments using only the local authentication provider or non-SAML-based authentication providers are not impacted. **Recommendations** For versions prior to v2.8.13, upgrade to version v2.8.13 or later. For versions prior to v2.9.7, upgrade to version v2.9.7 or later. For versions prior to v2.10.3, upgrade to version v2.10.3 or later. As a temporary workaround, users can refrain from using the Rancher CLI to log in.