Linuxfoundation Nats-Server vulnerabilities

26 known vulnerabilities affecting linuxfoundation/nats-server.

Total CVEs
26
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH11MEDIUM12

Vulnerabilities

Page 2 of 2
CVE-2022-24450HIGHCVSS 8.8≥ 2.0.0, < 2.7.22022-02-08
CVE-2022-24450 [HIGH] CWE-862 CVE-2022-24450: NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the pr NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
nvd
CVE-2021-3127HIGHCVSS 7.5≥ 2.0.0, < 2.2.02021-03-16
CVE-2021-3127 [HIGH] CWE-755 CVE-2021-3127: NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Impo NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.
nvd
CVE-2020-28466HIGHCVSS 7.5≥ 2.0.0, < 2.2.02021-03-07
CVE-2020-28466 [HIGH] CVE-2020-28466: This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are a This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened risk. Any remote execution flaw or equivalent seriousness, or
nvd
CVE-2020-26892CRITICALCVSS 9.8fixed in 2.1.92020-11-06
CVE-2020-26892 [CRITICAL] CWE-798 CVE-2020-26892: The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
nvd
CVE-2020-26521HIGHCVSS 7.5fixed in 2.1.92020-11-06
CVE-2020-26521 [HIGH] CWE-476 CVE-2020-26521: The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
nvd
CVE-2019-13126HIGHCVSS 7.5fixed in 2.0.22019-07-29
CVE-2019-13126 [HIGH] CWE-190 CVE-2019-13126: An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by send An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated.
nvd
← Previous2 / 2