Lucene search

K
githubGitHub Advisory DatabaseGHSA-VPJC-4JCV-JC29
HistorySep 19, 2023 - 3:30 a.m.

NATS nats-server allows directory traversal via unintended path to a management action

2023-09-1903:30:34
CWE-22
GitHub Advisory Database
github.com
11
nats server
directory traversal
management action

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.0%

NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

Affected configurations

Vulners
Node
nats-ionats-serverRange2.2.02.7.4
VendorProductVersionCPE
nats-ionats-server*cpe:2.3:a:nats-io:nats-server:*:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.0%