Описание
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/noble | not-affected | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | not-affected | 2.10.7-1 |
| upstream | released | 2.9.8-1 |
Показывать по
6.3 Medium
CVSS3
Связанные уязвимости
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 co ...
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
6.3 Medium
CVSS3