CVE-2022-24450

Опубликовано: 08 фев. 2022

Источник: debian

EPSS Низкий

Описание

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nats-server	not-affected			package

Примечания

https://advisories.nats.io/CVE/CVE-2022-24450.txt

EPSS

Процентиль: 67%

0.00529

Низкий

Связанные уязвимости

CVE-2022-24450

CVSS3: 8.8

redhat

почти 4 года назад

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

CVE-2022-24450

CVSS3: 8.8

nvd

почти 4 года назад

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

GHSA-g6w6-r76c-28j7

CVSS3: 8.8

github

почти 4 года назад

Incorrect Authorization in NATS nats-server

EPSS

Процентиль: 67%

0.00529

Низкий