Upstream information
Description
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result, this may expose the system to man-in-the-middle (MITM) attacks.
Upstream Security Advisories:
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
| CVSS detail | CNA (SUSE) |
|---|---|
| Base Score | 8.8 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- GHSA-4jj9-cgqc-x9h5, published Fri Dec 12 15:02:16 CET 2025
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
SUSE Timeline for this CVE
CVE page created: Wed Nov 26 10:15:09 2025
CVE page last modified: Fri Jan 9 12:56:51 2026