CVE-2022-26652
Published 2022-03-10
Priority: P3 (40), medium; CVSS 3.1 base score 6.5, vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 2.25% (80.7th percentile)
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nats-server | — | — |
| github.com | nats-io_nats-server_v2 | >= 2.2.0 < 2.7.4 | 2.7.4 |
| github.com | nats-io_nats-streaming-server | >= 0.15.0 < 0.24.3 | 0.24.3 |
| linuxfoundation | nats-server | >= 2.2.0 < 2.7.4 | 2.7.4 |
| nats | nats_streaming_server | >= 0.15.0 < 0.24.3 | 0.24.3 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| ghsa | 6.5 | MEDIUM | — |
| osv | 6.5 | MEDIUM | — |
| vendor_debian | 6.5 | LOW | — |
OSV: Arbitrary file write in nats-server in github.com/nats-io/nats-server (osv · 2024-08-21)
GHSA: Arbitrary file write in nats-server (ghsa · 2022-03-10 · CVSS 6.5, MEDIUM · CWE-22)
(This document is canonically: )
## Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
JetStream is the optional RAFT-based resilient persistent feature of NATS.
## Problem Description
The JetStream streams can be backed up and restored via NATS. The backup format is a tar archive file. Inadequate checks on the filenames within the archive file permit a so-called "Zip Slip" attack in the stream restore.
NATS nats-server through 2022-03-09 (fixed in release 2.7.4) did not correctly sanitize elements of the archive file, thus a user of NATS could cause the NATS server to write arbitrary content to an attacker-controlled filename.
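The check the advisory describes as missing, as an added example that is not nats-server's own code: a path validator that rejects tar entries escaping the restore directory, and a dry-run walk over a constructed in-memory backup with one legitimate and one traversal entry. The restore directory and entry names are assumptions.

```go
package main

import (
	"archive/tar"
	"bytes"
	"io"
	"path/filepath"
	"strings"
)

// safeRestorePath joins name under dest and reports whether the result stays inside
// dest; absolute names, ".." climbs and prefix look-alikes (dest+"2/x") are rejected.
func safeRestorePath(dest, name string) (string, bool) {
	target := filepath.Join(dest, name) // Join cleans, collapsing ".." segments
	rel, err := filepath.Rel(dest, target)
	escapes := rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
	if filepath.IsAbs(name) || err != nil || escapes {
		return "", false
	}
	return target, true
}

// planRestore walks a tar stream and returns accepted target paths and rejected entry
// names; it writes nothing, so it can run as a dry check before a real restore.
func planRestore(dest string, archive []byte) (accepted, rejected []string, err error) {
	tr := tar.NewReader(bytes.NewReader(archive))
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return nil, nil, err
		}
		if p, ok := safeRestorePath(dest, hdr.Name); ok {
			accepted = append(accepted, p)
		} else {
			rejected = append(rejected, hdr.Name)
		}
	}
	return accepted, rejected, nil
}

// buildSampleTar is constructed sample data: one legitimate entry, one traversal entry.
func buildSampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"meta.inf", "../../outside.txt"} {
		tw.WriteHeader(&tar.Header{Name: name, Mode: 0o600, Size: 4})
		tw.Write([]byte("data"))
	}
	tw.Close()
	return buf.Bytes()
}
```

Running planRestore over buildSampleTar() with a restore directory of /var/jetstream/restore accepts only meta.inf and reports ../../outside.txt as rejected.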
## Affected
OSV: Arbitrary file write in nats-server (osv · 2022-03-10 · CVSS 6.5, MEDIUM)
Debian: CVE-2022-26652: nats-server (vendor_debian · 2022 · CVSS 6.5, MEDIUM)
Scope: local
bookworm: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://www.openwall.com/lists/oss-security/2022/03/10/1
https://advisories.nats.io/CVE/CVE-2022-26652.txt
https://github.com/nats-io/nats-server/releases
https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68