NATS.io NATS Server before 2.8.2 and NATS Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions because the server fails to enforce negative (deny) user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to gain access to denied subjects.

Vendor | Product | Version | CPE |
---|---|---|---|
nats | nats_streaming_server | * | cpe:2.3:a:nats:nats_streaming_server:*:*:*:*:*:*:*:* |
github.com\/nats | io\/jwt\/v2 | * | cpe:2.3:a:github.com\/nats:io\/jwt\/v2:*:*:*:*:*:*:*:* |