Описание
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-nats-io-jwt | fixed | 2.2.0-1 | package | |
| golang-github-nats-io-jwt | postponed | buster | package |
Примечания
https://advisories.nats.io/CVE/CVE-2020-26892.txt
https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5
EPSS
Процентиль: 68%
0.00554
Низкий
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVSS3: 9.8
nvd
больше 5 лет назад
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVSS3: 9.8
github
почти 4 года назад
Incorrect handling of credential expiry by /nats-io/nats-server
EPSS
Процентиль: 68%
0.00554
Низкий