Adding a table ref for CVEs #198
Thanks for the PR @kakabisht! Left some edit comments below, but some other changes are needed on this page that I'll note here:
The note on lines 42-44 needs editing, suggesting:
NeuVector installations that have the single sign-on integration with Rancher Manager and the Remote Repository Configuration disabled are not affected by this issue.
The phrasing of line 46 I think should be updated as well, suggestion below:
In the patched version, X-R-Sess is partially masked so that users can confirm what is being used while still keeping it safe for consumption. The log, which includes `personal_access_token`, `token`, `rekor_public_key`, `root_cert`, `sct_public_key`, and `public key` are removed, as the request body is not mandatory in the log.
The note on line 48 needs the closing `:::` after line 52.
The bullet points are erroring from lines 66-70. Suggestion below:
* Contact the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy).
* Open an issue in the [NeuVector GitHub repository](https://github.com/neuvector/neuvector/issues/new/choose).
* References:
* [NeuVector Support Matrix](https://www.suse.com/suse-neuvector/support-matrix/all-supported-versions/neuvector-v-all-versions/)
* [Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-security)
These changes will also need to be applied to the page in the 5.4 folder as well. Please let me know if you have any questions, thanks!
@@ -7,8 +7,12 @@ NeuVector is committed to informing the community of security issues. Below is a | |||
| ID | Description | Date | Release | |
| ID | Description | Date | Release | | |
| ID | Description | Date | Resolution | |
Not part of changes but this should be updated to be clear to users on the resolution version/date. Standard with what can be seen on the RM table for example.
| [CVE-2025-46808](?) | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [ Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs) | ? | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) | | ||
|
||
|
||
| — | . Fixed in 5.4.5. | < 5.0.0 – 5.4.4 |
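Review bot: the added CVE-2025-46808 row still carries placeholders, `(?)` as the link target on the ID and `?` in the Date column, and its link text `[ Sensitive information exposure ...` opens with a stray space while the sentence has no closing period. The row that ends `Fixed in 5.4.5. | < 5.0.0 – 5.4.4 |` has three cells against the four-column header and its description starts with `. `, so it reads as a truncated entry. Suggest filling in the date and either supplying the advisory URL or rendering the ID as plain text, and restoring or dropping the truncated row so the table renders with consistent columns.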
| [CVE-2025-46808](?) | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [ Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs) | ? | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) | | |
| — | . Fixed in 5.4.5. | < 5.0.0 – 5.4.4 | |
| CVE-2025-46808 | Sensitive information may be logged in the manager container depending on logging configuration and credential permissions. For more information, refer to [Sensitive information exposure in NeuVector manager container logs](#sensitive-information-exposure-in-neuvector-manager-container-logs). | 09 Jul 2025 | [NeuVector v5.4.5](https://github.com/neuvector/neuvector/releases/tag/v5.4.5) | | |
I did some research in the NV repo and RM repo for a security link, but I didn't see any items regarding CVE-2025-46808. Do you have any more context, @kakabisht? Otherwise we may need to follow up with Security to see if they might know where the CVE is hosted to get a link. We can have no link for now, and the link to the section below gives appropriate information to resolve.
No description provided.