CNNVD-202510-4245 Information
CNNVD ID
CNNVD-202510-4245
Related CVE
- CNNVD Published: 2025-10-30
Description (Chinese)
NeuVector是美国NeuVector公司的一套端到端的容器安全平台。该平台包括图像漏洞管理、准入控制和容器进程/文件系统保护等功能。 NeuVector存在操作系统命令注入漏洞,该漏洞源于enforcer容器使用环境变量CLUSTER_RPC_PORT和CLUSTER_LAN_PORT生成通过popen执行的命令时未清理其值,可能导致命令注入攻击。
Description (English)
NeuVector is an end-to-end container safety platform for NeuVector in the United States. The platform includes features such as image gap management, access control and container process/document system protection. NeuVector has an operating system command to inject a loophole, which originates from the use of the enforcer packagings to generate orders executed through popen without cleaning their value when using the environmental variables CLUSER RPC PORT and CLUSER LAN PORT.
Hazard Level
Low
Vulnerability Type
操作系统命令注入
Affected Vendor
NeuVector
Published
2025-10-30
Last Modified
2026-02-24
References
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-54469 https://github.com/neuvector/neuvector/security/advisories/GHSA-c8g6-qrwh-m3vp
Patch
https://github.com/neuvector/neuvector/releases
Share on: