Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-29946HistoryJul 11, 2024 - 9:15 p.m.
CVE-2022-29946
2024-07-1121:15:10
Debian Security Bug Tracker
security-tracker.debian.org
2
nats server
vulnerability
bypass
security restrictions
remote attacker
wildcard
denied subjects
unix
AI Score
7
Confidence
Low
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nats-server | < 2.9.8-1 | nats-server_2.9.8-1_all.deb |
| Debian | 999 | all | nats-server | < 2.9.8-1 | nats-server_2.9.8-1_all.deb |
| Debian | 13 | all | nats-server | < 2.9.8-1 | nats-server_2.9.8-1_all.deb |
Related
osv
osv
CVE-2022-29946
2024-07-11 21:15:00
redhatcve
redhatcve
CVE-2022-29946
2024-07-12 04:03:46
github
github
veracode
veracode
Authentication Bypass
2024-07-12 06:59:41
ubuntucve
ubuntucve
CVE-2022-29946
2024-07-11 00:00:00
cve
cve
CVE-2022-29946
2024-07-11 21:15:10
cvelist
cvelist
CVE-2022-29946
2024-07-11 00:00:00
vulnrichment
vulnrichment
CVE-2022-29946
2024-07-11 00:00:00
nvd
nvd
CVE-2022-29946
2024-07-11 21:15:10