Lucene search

[email protected]NVD:CVE-2021-3127

HistoryMar 16, 2021 - 8:15 p.m.

CVE-2021-3127

2021-03-1620:15:13

CWE-755

[email protected]

web.nvd.nist.gov

nats server 2.x

jwt library

incorrect access control

import token bindings

mishandled

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

66.3%

JSON

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

Affected configurations

Nvd

Node

natsjwt_libraryRange<2.0.1

natsnats_serverRange2.0.0–2.2.0

VendorProductVersionCPE
natsjwt_library*cpe:2.3:a:nats:jwt_library:*:*:*:*:*:*:*:*
natsnats_server*cpe:2.3:a:nats:nats_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nats	jwt_library	*	cpe:2.3:a:nats:jwt_library::::::::
nats	nats_server	*	cpe:2.3:a:nats:nats_server::::::::

References

advisories.nats.io/CVE/CVE-2021-3127.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

66.3%

JSON

Related for NVD:CVE-2021-3127

ubuntucve1 cve1 osv7 debiancve1 prion1 veracode1 github2 cvelist1 redhatcve1