CVE-2022-24450
Published: 2022-02-08
Priority: P3 · 51 · high · CVSS 3.1: 8.8
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.31% (67.0th percentile)
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nats-server | — | — |
| github.com | nats-io_nats-server_v2 | >= 2.0.0 < 2.7.2 | 2.7.2 |
| github.com | nats-io_nats-streaming-server | >= 0.15.0 < 0.24.1 | 0.24.1 |
| linuxfoundation | nats-server | >= 2.0.0 < 2.7.2 | 2.7.2 |
| nats | nats_streaming_server | >= 0.15.0 < 0.24.1 | 0.24.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| ghsa | — | 8.8 | HIGH | — |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | LOW | — |
| vendor_redhat | — | 8.8 | HIGH | — |
OSV
osv · 2024-08-21
CVE-2022-24450: Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server
OSV
osv · 2022-02-08 · CVSS 8.8
CVE-2022-24450 [HIGH] Incorrect Authorization in NATS nats-server
(This advisory is canonically )
## Problem Description
NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature.
A client crafting the initial protocol-level handshake could, with valid credentials for any account, specify a target account and switch into it immediately. This includes any other tenant, and includes the System account which controls nats-server core operations.
For deployments not using multi-tenancy through NATS Accounts, there is still a vulnerability: normal users are able to choose to be in the System account.
An experimental feature to provide dynamically provisioned sandbox accounts
GHSA
ghsa · 2022-02-08 · CVSS 8.8
CVE-2022-24450 [HIGH] CWE-863 Incorrect Authorization in NATS nats-server
(This advisory is canonically )
## Problem Description
NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature.
A client crafting the initial protocol-level handshake could, with valid credentials for any account, specify a target account and switch into it immediately. This includes any other tenant, and includes the System account which controls nats-server core operations.
For deployments not using multi-tenancy through NATS Accounts, there is still a vulnerability: normal users are able to choose to be in the System account.
An experimental feature to provide dynamically provisioned sandbox accounts
Red Hat
vendor_redhat · 2022-02-07 · CVSS 8.8
CVE-2022-24450 [HIGH] CWE-270 nats-server: misusing the "dynamically provisioned sandbox accounts" feature, an authenticated user can obtain the privileges of the System account
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
A flaw was found in the NATS nats-server in an experimental feature that provides dynamically provisioned sandbox accounts that do not check the clients’ authorization. This flaw allows an attacker to take advantage of its valid account and switch over to another existing account without further authentication.
Package: memcached-exporter-container (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: prometheus-container (R
Debian
vendor_debian · 2022 · CVSS 8.8
CVE-2022-24450 [HIGH] nats-server
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
Scope: local
| Release | Status |
|---|---|
| bookworm | resolved |
| forky | resolved |
| sid | resolved |
| trixie | resolved |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.