Nats Streaming Server vulnerabilities
2 known vulnerabilities affecting nats/nats_streaming_server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-26652MEDIUMCVSS 6.5≥ 0.15.0, < 0.24.32022-03-10
CVE-2022-26652 [MEDIUM] CWE-22 CVE-2022-26652: NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
nvd
CVE-2022-24450HIGHCVSS 8.8≥ 0.15.0, < 0.24.12022-02-08
CVE-2022-24450 [HIGH] CWE-862 CVE-2022-24450: NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the pr
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
nvd