Making required fixes

kakabisht · kakabisht · commit 8f24b4978b55 · 2025-09-21T23:52:36.000+05:30
diff --git a/docs/16.security_advisories/01.security_advisories/cve.md b/docs/16.security_advisories/01.security_advisories/cve.md
@@ -4,12 +4,12 @@ NeuVector is committed to informing the community of security issues. Below is a
 
 ## CVE List
 
-| ID | Description | Date | Resolution |
+| ID | Description | Date | Release |
 | :---- | :---- | :---- | :---- |
 | [CVE-2025-8077](https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56) | For NeuVector deployment on the Kubernetes-based environment, the bootstrap password of the default admin user will be generated randomly and stored in a Kubernetes secret. The default admin will need to get the bootstrap password from the Kubernetes secret first and will be asked to change password after the first UI login is successful. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
 | [CVE-2025-53884](https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3) | NeuVector uses a cryptographically secure salt with the PBKDF2 algorithm instead of a simple hash to protect user passwords. For rolling upgrades from earlier versions, NeuVector recalculates and stores the new password hash only after each user’s next successful login. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
 | [CVE-2025-54467](https://github.com/neuvector/neuvector/security/advisories/GHSA-w54x-xfxg-4gxq) | By default, NeuVector redacts process commands that contain the strings password,passwd, pwd, token, or key in security logs, syslog, enforcer debug logs, controller debug logs, webhooks, and support logs. Users can configure a Kubernetes ConfigMap to define custom regex patterns for additional process commands to redact. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
-| [CVE-2025-46808](?) | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [ Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs) | ? | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) |
+| CVE-2025-46808 | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [ Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs) | 09 Jul 2025 | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) |
 
 
 | — | . Fixed in 5.4.5. | < 5.0.0 – 5.4.4
@@ -40,16 +40,17 @@ A vulnerability has been identified in the NeuVector version up to and including
 | public\_key | Verifier’s public key | Request body | Create/update verifier in Sigstore page | NeuVector |
 
 :::note
-**Note:** NeuVector installations not using the single sign-on integration with Rancher Manager, and does not have Remote Repository Configuration enabled, are not affected by this issue.
+NeuVector installations that have the single sign-on integration with Rancher Manager and the Remote Repository Configuration disabled are not affected by this issue.
 :::
 
-In the patched version, X-R-Sess is partially masked so that users can confirm what it is being used while still keeping it safe for consumption. The log which includes `personal_access_token`, `token`, `rekor_public_key`, `root_cert`, `sct_public_key`, `public key` are removed, as the request body is not mandatory in the log.
+In the patched version, X-R-Sess is partially masked so that users can confirm what is being used while still keeping it safe for consumption. The log, which includes `personal_access_token`, `token`, `rekor_public_key`, `root_cert`, `sct_public_key`, and `public key` are removed, as the request body is not mandatory in the log.
 
 :::note
 * The severity of the vulnerability depends on your logging strategy.
    * **Local logging (default)**: Limits exposure of impact.
    * **External logging**: Vulnerability’s severity increases, the impact depends on security measures implemented at the external log collector level.
 * The final impact severity for confidentiality, integrity and availability is dependent on the permissions that the leaked credentials have on their own services.
+:::
 
 Please consult the associated [Unsecured credentials](https://attack.mitre.org/techniques/T1552/) for further information about this category of attack.
 
@@ -66,5 +67,5 @@ No workarounds are currently available. Customers are advised to upgrade to a fi
 * Contact the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy).
 * Open an issue in the [NeuVector GitHub repository](https://github.com/neuvector/neuvector/issues/new/choose).
 * References:
-  ** [NeuVector Support Matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/)
-  ** [Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-security)
+   * [NeuVector Support Matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/)
+   * [Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-security)
diff --git a/versioned_docs/version-5.4/16.security_advisories/01.security_advisories/cve.md b/versioned_docs/version-5.4/16.security_advisories/01.security_advisories/cve.md
@@ -7,8 +7,12 @@ NeuVector is committed to informing the community of security issues. Below is a
 | ID | Description | Date | Release |
 | :---- | :---- | :---- | :---- |
 | [CVE-2025-8077](https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56) | For NeuVector deployment on the Kubernetes-based environment, the bootstrap password of the default admin user will be generated randomly and stored in a Kubernetes secret. The default admin will need to get the bootstrap password from the Kubernetes secret first and will be asked to change password after the first UI login is successful. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
-| [CVE-2025-53884](https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3) | NeuVector uses a cryptographically secure salt with the PBKDF2 algorithm instead of a simple hash to protect user passwords.For rolling upgrades from earlier versions, NeuVector recalculates and stores the new password hash only after each user’s next successful login. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
+| [CVE-2025-53884](https://github.com/neuvector/neuvector/security/advisories/GHSA-8ff6-pc43-jwv3) | NeuVector uses a cryptographically secure salt with the PBKDF2 algorithm instead of a simple hash to protect user passwords. For rolling upgrades from earlier versions, NeuVector recalculates and stores the new password hash only after each user’s next successful login. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
 | [CVE-2025-54467](https://github.com/neuvector/neuvector/security/advisories/GHSA-w54x-xfxg-4gxq) | By default, NeuVector redacts process commands that contain the strings password,passwd, pwd, token, or key in security logs, syslog, enforcer debug logs, controller debug logs, webhooks, and support logs. Users can configure a Kubernetes ConfigMap to define custom regex patterns for additional process commands to redact. | 25 Aug 2025 | [NeuVector v5.4.6](https://github.com/neuvector/neuvector/releases/tag/v5.4.6) |
+| CVE-2025-46808 | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [ Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs) | 09 Jul 2025 | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) |
+
+
+| — | . Fixed in 5.4.5. | < 5.0.0 – 5.4.4
 
 ## Sensitive information exposure in NeuVector manager container logs
 
@@ -36,16 +40,17 @@ A vulnerability has been identified in the NeuVector version up to and including
 | public\_key | Verifier’s public key | Request body | Create/update verifier in Sigstore page | NeuVector |
 
 :::note
-**Note:** NeuVector installations not using the single sign-on integration with Rancher Manager, and does not have Remote Repository Configuration enabled, are not affected by this issue.
+NeuVector installations that have the single sign-on integration with Rancher Manager and the Remote Repository Configuration disabled are not affected by this issue.
 :::
 
-In the patched version, X-R-Sess is partially masked so that users can confirm what it is being used while still keeping it safe for consumption. The log which includes `personal_access_token`, `token`, `rekor_public_key`, `root_cert`, `sct_public_key`, `public key` are removed, as the request body is not mandatory in the log.
+In the patched version, X-R-Sess is partially masked so that users can confirm what is being used while still keeping it safe for consumption. The log, which includes `personal_access_token`, `token`, `rekor_public_key`, `root_cert`, `sct_public_key`, and `public key` are removed, as the request body is not mandatory in the log.
 
 :::note
 * The severity of the vulnerability depends on your logging strategy.
    * **Local logging (default)**: Limits exposure of impact.
    * **External logging**: Vulnerability’s severity increases, the impact depends on security measures implemented at the external log collector level.
 * The final impact severity for confidentiality, integrity and availability is dependent on the permissions that the leaked credentials have on their own services.
+:::
 
 Please consult the associated [Unsecured credentials](https://attack.mitre.org/techniques/T1552/) for further information about this category of attack.
 
@@ -62,5 +67,5 @@ No workarounds are currently available. Customers are advised to upgrade to a fi
 * Contact the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy).
 * Open an issue in the [NeuVector GitHub repository](https://github.com/neuvector/neuvector/issues/new/choose).
 * References:
-  ** [NeuVector Support Matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/)
-  ** [Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-security)
+   * [NeuVector Support Matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/)
+   * [Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-security)
