Debian Nats-Server vulnerabilities

24 known vulnerabilities affecting debian/nats-server.

Total CVEs: 24
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 7, MEDIUM 9, LOW 7

Vulnerabilities

Page 2 of 2
CVE-2022-24450 | LOW | CVSS 8.8 | 2022
CVE-2022-24450 [HIGH]: nats-server - NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
Scope: local. bookworm: resolved; forky: resolved; sid: resolved; trixie: resolved
Source: debian
CVE-2021-3127 | HIGH | CVSS 7.5 | fixed in golang-github-nats-io-jwt 2.2.0-1 (bookworm) | 2021
CVE-2021-3127 [HIGH]: golang-github-nats-io-jwt - NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
Scope: local. bookworm: resolved (fixed in 2.2.0-1); forky: resolved (fixed in 2.2.0-1); sid: resolved (fixed in 2.2.0-1); trixie: resolved (fixed in 2.2.0-1)
Source: debian
CVE-2020-28466 | LOW | CVSS 7.5 | 2020
CVE-2020-28466 [HIGH]: nats-server - This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or den
Source: debian
CVE-2019-13126 | LOW | CVSS 7.5 | 2019
CVE-2019-13126 [HIGH]: nats-server - An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.
Scope: local. bookworm: resolved; forky: resolved; sid: resolved; trixie: resolved
Source: debian