DATABASE RESOURCES PRICING ABOUT US

{"id": "GHSA-4W5X-X539-PPF5", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Incorrect handling of credential expiry by /nats-io/nats-server", "description": "\n## Problem Description\n\nNATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled.\n\nThe NATS accounts system has expiration timestamps on credentials; the <https://github.com/nats-io/jwt> library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API.\n\nA new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it.\n\nThe CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n * fixed after nats-io/jwt PR 103 landed (2020-10-06)\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n + 2.0.0 through and including 2.1.8 are vulnerable.\n * fixed with nats-io/nats-server PRs 1632, 1635, 1645\n\n\n## Impact\n\nTime-based credential expiry did not work.\n\n\n## Workaround\n\nHave credentials which only expire after fixes can be deployed.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.", "published": "2022-02-11T23:42:20", "modified": "2023-08-29T22:09:22", "epss": [{"cve": "CVE-2020-26892", "epss": 0.00149, "percentile": 0.49825, "modified": "2023-06-06"}], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://github.com/advisories/GHSA-4w5x-x539-ppf5", "reporter": "GitHub Advisory Database", "references": ["https://github.com/nats-io/jwt/security/advisories/GHSA-4w5x-x539-ppf5", "https://nvd.nist.gov/vuln/detail/CVE-2020-26892", "https://github.com/nats-io/nats-server/commit/1e08b67f08e18cd844dce833a265aaa72500a12f", "https://advisories.nats.io/CVE/CVE-2020-26892.txt", "https://github.com/nats-io/nats-server/commits/master", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/", "https://www.openwall.com/lists/oss-security/2020/11/02/2", "https://github.com/nats-io/jwt/commit/e11ce317263cef69619fc1ca743b195d02aa1d8a", "https://pkg.go.dev/vuln/GO-2022-0380", "https://github.com/advisories/GHSA-4w5x-x539-ppf5"], "cvelist": ["CVE-2020-26892"], "immutableFields": [], "lastseen": "2023-08-30T10:50:09", "viewCount": 12, "enchantments": {"backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-26892"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-26892"]}, {"type": "fedora", "idList": ["FEDORA:5E48B3095EA4"]}, {"type": "kitploit", "idList": ["KITPLOIT:116690769744039319"]}, {"type": "nessus", "idList": ["FEDORA_2020-2C8851D48B.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:99DC4B497599503D640FDFD9A2DC5FA3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-26892"]}]}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-26892"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-26892"]}, {"type": "fedora", "idList": ["FEDORA:5E48B3095EA4"]}, {"type": "github", "idList": ["GHSA-2C64-VJ8G-VWRQ"]}, {"type": "ibm", "idList": ["5EBDDE4F23BDE648A3D8ACD5EF59DF70B5EA28E4307897A3AD81A01D099D7AEA"]}, {"type": "nessus", "idList": ["FEDORA_2020-2C8851D48B.NASL"]}, {"type": "osv", "idList": ["OSV:GHSA-2C64-VJ8G-VWRQ", "OSV:GHSA-4W5X-X539-PPF5", "OSV:GO-2022-0380"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-26892"]}, {"type": "veracode", "idList": ["VERACODE:30641"]}]}, "exploitation": null, "score": {"value": 9.1, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "github.com/nats-io/nats-server/v2", "version": 2}, {"name": "github.com/nats-io/jwt", "version": 1}]}, "epss": [{"cve": "CVE-2020-26892", "epss": 0.00149, "percentile": 0.4961, "modified": "2023-05-01"}], "vulnersScore": 9.1}, "_state": {"dependencies": 1693395817, "score": 1693396081, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "95b381e1c01d4729c0788cd148c57acd"}, "affectedSoftware": [{"version": "2.1.9", "operator": "lt", "ecosystem": "GO", "name": "github.com/nats-io/nats-server/v2"}, {"version": "1.1.0", "operator": "lt", "ecosystem": "GO", "name": "github.com/nats-io/jwt"}]}

{"debiancve": [{"lastseen": "2023-06-06T14:55:20", "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-06T08:15:00", "type": "debiancve", "title": "CVE-2020-26892", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2020-11-06T08:15:00", "id": "DEBIANCVE:CVE-2020-26892", "href": "https://security-tracker.debian.org/tracker/CVE-2020-26892", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-08-29T22:20:09", "description": "\n## Problem Description\n\nNATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled.\n\nThe NATS accounts system has expiration timestamps on credentials; the <https://github.com/nats-io/jwt> library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API.\n\nA new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it.\n\nThe CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n * fixed after nats-io/jwt PR 103 landed (2020-10-06)\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n + 2.0.0 through and including 2.1.8 are vulnerable.\n * fixed with nats-io/nats-server PRs 1632, 1635, 1645\n\n\n## Impact\n\nTime-based credential expiry did not work.\n\n\n## Workaround\n\nHave credentials which only expire after fixes can be deployed.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-11T23:42:20", "type": "osv", "title": "Incorrect handling of credential expiry by /nats-io/nats-server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2023-08-29T22:09:18", "id": "OSV:GHSA-4W5X-X539-PPF5", "href": "https://osv.dev/vulnerability/GHSA-4w5x-x539-ppf5", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-18T22:08:29", "description": "The AccountClaims.IsRevoked and Export.IsRevoked functions improperly validate expired credentials using the current system time rather than the issue time of the JWT to be tested.\n\nThese functions cannot be used properly. Newer versions of the jwt package provide an IsClaimRevoked method which performs correct validation. In these versions, the IsRevoked method always return true.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-15T23:29:36", "type": "osv", "title": "GO-2022-0380", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2022-11-18T21:27:14", "id": "OSV:GO-2022-0380", "href": "https://osv.dev/vulnerability/GO-2022-0380", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-29T22:21:36", "description": "(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt )\n\n## Problem Description\n\nNATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled.\n\nThe NATS accounts system has expiration timestamps on credentials; the <https://github.com/nats-io/jwt> library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API.\n\nA new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it.\n\nThe CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n * fixed after nats-io/jwt PR 103 landed (2020-10-06)\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n + 2.0.0 through and including 2.1.8 are vulnerable.\n * fixed with nats-io/nats-server PRs 1632, 1635, 1645\n\n\n## Impact\n\nTime-based credential expiry did not work.\n\n\n## Workaround\n\nHave credentials which only expire after fixes can be deployed.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-21T16:11:49", "type": "osv", "title": "Incorrect handling of credential expiry by /nats-io/nats-server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2023-08-29T22:08:18", "id": "OSV:GHSA-2C64-VJ8G-VWRQ", "href": "https://osv.dev/vulnerability/GHSA-2c64-vj8g-vwrq", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2023-08-30T11:33:28", "description": "(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26892.txt )\n\n## Problem Description\n\nNATS nats-server through 2020-10-07 has Incorrect Access Control because of how expired credentials are handled.\n\nThe NATS accounts system has expiration timestamps on credentials; the <https://github.com/nats-io/jwt> library had an API which encouraged misuse and an `IsRevoked()` method which misused its own API.\n\nA new `IsClaimRevoked()` method has correct handling and the nats-server has been updated to use this. The old `IsRevoked()` method now always returns true and other client code will have to be updated to avoid calling it.\n\nThe CVE identifier should cover any application using the old JWT API, where the nats-server is one of those applications.\n\n\n## Affected versions\n\n#### JWT library\n\n * all versions prior to 1.1.0\n * fixed after nats-io/jwt PR 103 landed (2020-10-06)\n\n#### NATS Server\n\n * Version 2 prior to 2.1.9\n + 2.0.0 through and including 2.1.8 are vulnerable.\n * fixed with nats-io/nats-server PRs 1632, 1635, 1645\n\n\n## Impact\n\nTime-based credential expiry did not work.\n\n\n## Workaround\n\nHave credentials which only expire after fixes can be deployed.\n\n\n## Solution\n\nUpgrade the JWT dependency in any application using it.\n\nUpgrade the NATS server if using NATS Accounts.", "cvss3": {}, "published": "2021-05-21T16:11:49", "type": "github", "title": "Incorrect handling of credential expiry by /nats-io/nats-server", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-26892"], "modified": "2023-08-29T22:08:20", "id": "GHSA-2C64-VJ8G-VWRQ", "href": "https://github.com/advisories/GHSA-2c64-vj8g-vwrq", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-07-28T01:40:55", "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access\nControl because of how expired credentials are handled.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-06T00:00:00", "type": "ubuntucve", "title": "CVE-2020-26892", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2020-11-06T00:00:00", "id": "UB:CVE-2020-26892", "href": "https://ubuntu.com/security/CVE-2020-26892", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:51:31", "description": "github.com/nats-io/nats-server uses an insecure session management. Expired credentials are not properly handled,\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-24T09:24:55", "type": "veracode", "title": "Insecure Session Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2022-01-01T19:14:28", "id": "VERACODE:30641", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30641/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-06T14:41:30", "description": "The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-06T08:15:00", "type": "cve", "title": "CVE-2020-26892", "cwe": ["CWE-798"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26892"], "modified": "2022-01-01T18:18:00", "cpe": ["cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-26892", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26892", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2023-06-06T15:26:40", "description": " A High Performance NATS Server written in Go and hosted by the Cloud Native Computing Foundation (CNCF). ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-04T01:08:19", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: nats-server-2.1.9-1.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26521", "CVE-2020-26892"], "modified": "2021-01-04T01:08:19", "id": "FEDORA:5E48B3095EA4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-06-03T14:26:59", "description": "Update to 2.1.9 Security fix for CVE-2020-26892 Security fix for CVE-2020-26521\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "Fedora 33 : nats-server (2020-2c8851d48b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26521", "CVE-2020-26892"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nats-server", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-2C8851D48B.NASL", "href": "https://www.tenable.com/plugins/nessus/144669", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-2c8851d48b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144669);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-26521\", \"CVE-2020-26892\");\n script_xref(name:\"FEDORA\", value:\"2020-2c8851d48b\");\n\n script_name(english:\"Fedora 33 : nats-server (2020-2c8851d48b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to 2.1.9 Security fix for CVE-2020-26892 Security fix for\nCVE-2020-26521\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-2c8851d48b\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected nats-server package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nats-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"nats-server-2.1.9-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nats-server\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ibm": [{"lastseen": "2023-06-24T05:50:19", "description": "## Summary\n\nIBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3918](<https://vulners.com/cve/CVE-2021-3918>) \n** DESCRIPTION: **Json-schema could allow a remote attacker to execute arbitrary code on the system, caused by an improperly controlled modification of object prototype attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213750](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213750>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-1747](<https://vulners.com/cve/CVE-2020-1747>) \n** DESCRIPTION: **PyYAML could allow a remote attacker to execute arbitrary code on the system, caused by an error when processing untrusted YAML files through the full_load method or with the FullLoader loader. By abusing the python/object/new constructor, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178416>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-13091](<https://vulners.com/cve/CVE-2020-13091>) \n** DESCRIPTION: **pandas could allow a remote attacker to execute arbitrary commands on the system, caused by an unsafe deserialization in the read_pickle function. By sending a s__reduce__ makes an os.system call, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182005](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182005>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1996](<https://vulners.com/cve/CVE-2022-1996>) \n** DESCRIPTION: **go-restful could allow a remote attacker to bypass security restrictions, caused by improper regular expression implementation in the CORS Filter feature. By sending a specially-crafted request using the AllowedDomains parameter, an attacker could exploit this vulnerability to break CORS policy and allow any page to make requests. \nCVSS Base score: 9.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/228317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-21235](<https://vulners.com/cve/CVE-2022-21235>) \n** DESCRIPTION: **VCS could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By using a specially-crafted argument, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223480](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223480>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-42740](<https://vulners.com/cve/CVE-2021-42740>) \n** DESCRIPTION: **Node.js shell-quote module could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw with windows drive letter regex. By sending a specially-crafted shell metacharacters, an attacker could exploit this vulnerability to execute arbitrary commands on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211858](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211858>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-26892](<https://vulners.com/cve/CVE-2020-26892>) \n** DESCRIPTION: **NATS server and NATS JWT could allow a remote attacker to bypass security restrictions, caused by improper credential expiration handling in the JWT library. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to bypass access restrictions to create and sign a User JWT with a state not created by the normal tooling. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/191005](<https://exchange.xforce.ibmcloud.com/vulnerabilities/191005>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-29469](<https://vulners.com/cve/CVE-2021-29469>) \n** DESCRIPTION: **Node Redis redis module for Node.js is vulnerable to a denial of service, caused by a regular expression denial of service flaw in monitor mode. By sending specially-crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Pak for Security (CP4S)| 1.10.0.0 - 1.10.6.0 \n \n \n\n\n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly. \n\nPlease upgrade to at least CP4S 1.10.7.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-12T17:19:56", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-13091", "CVE-2020-1747", "CVE-2020-26892", "CVE-2021-29469", "CVE-2021-3918", "CVE-2021-42740", "CVE-2022-1996", "CVE-2022-21235"], "modified": "2023-01-12T17:19:56", "id": "5EBDDE4F23BDE648A3D8ACD5EF59DF70B5EA28E4307897A3AD81A01D099D7AEA", "href": "https://www.ibm.com/support/pages/node/6854977", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}