github.com/nats-io/nats-streaming-server vulnerabilities
3 known vulnerabilities affecting github.com/nats-io_nats-streaming-server.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2022-29946 | HIGH | affected versions ≥ 0, < 0.24.6 | 2024-07-11
CVE-2022-29946 [HIGH] CWE-863 NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attack
CVE-2022-26652 | MEDIUM | CVSS 6.5 | affected versions ≥ 0.15.0, < 0.24.3 | 2022-03-10
CVE-2022-26652 [MEDIUM] CWE-22 Arbitrary file write in nats-server
(This document is canonically: )
## Background
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing.
JetStream is the optional RAFT-based resilient persistent feature of NATS.
## Problem Description
The JetStream streams can be backed up and restored via NATS. The backup format is a tar archive fi
CVE-2022-24450 | HIGH | CVSS 8.8 | affected versions ≥ 0.15.0, < 0.24.1 | 2022-02-08
CVE-2022-24450 [HIGH] CWE-863 Incorrect Authorization in NATS nats-server
(This advisory is canonically )
## Problem Description
NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature.
A client crafting the initial protocol-level handshake could, with valid credentials for any account, specify a target account