Lucene search
PRIOn knowledge basePRION:CVE-2023-47090HistoryOct 30, 2023 - 5:15 p.m.
Authentication flaw
2023-10-3017:15:00
PRIOn knowledge base
www.prio-n.com
4
nats server
authentication bypass
versions
security flaw
implicit user
unauthenticated access
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nats-server | ge | 2.10.0 | |
| nats-server | lt | 2.10.2 | |
| nats-server | ge | 2.2.0 | |
| nats-server | lt | 2.9.23 |
Related
ubuntucve
ubuntucve
CVE-2023-47090
2023-10-30 00:00:00
github
github
NATS.io: Adding accounts for just the system account adds auth bypass
2023-10-19 16:13:03
cvelist
cvelist
CVE-2023-47090
2023-10-30 00:00:00
nvd
nvd
CVE-2023-47090
2023-10-30 17:15:52
osv
osv
Authorization bypass in github.com/nats-io/nats-server/v2
2023-10-24 20:27:36
NATS.io: Adding accounts for just the system account adds auth bypass
2023-10-19 16:13:03
CVE-2023-47090
2023-10-30 17:15:52
debiancve
debiancve
CVE-2023-47090
2023-10-30 17:15:52
cbl_mariner
cbl_mariner
CVE-2023-47090 affecting package telegraf for versions less than 1.28.5-1
2024-01-14 22:46:30
CVE-2023-47090 affecting package telegraf for versions less than 1.29.4-1
2024-04-17 22:02:46
cgr
cgr
CVE-2023-47090 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Authentication Bypass
2023-10-31 06:24:29
cve
cve
CVE-2023-47090
2023-10-30 17:15:52
wolfi
wolfi
CVE-2023-47090 vulnerabilities
2024-06-26 15:33:03