92 matches found
UBUNTU-CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215
CVE-2025-30215 affects NATS-Server. In versions 2.2.0 through just before 2.10.27 and 2.11.1, the management of JetStream assets via the $JS namespace in the system account was partially exposed to regular accounts. This allowed certain JS API requests with management permissions in any account t...
CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
NATS Server may fail to authorize certain Jetstream admin APIs
Advisory: The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...
Improper Authorization
Overview: github.com/nats-io/nats-server/v2/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all...
GHSA-FHG8-QXH5-7Q3W NATS Server may fail to authorize certain Jetstream admin APIs
Advisory: The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...
Improper Authorization
Overview: github.com/nats-io/nats-server/server is a simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization through the JS.API.ACCOUNT.PURGE process. An attacker can delete all dat...
The vulnerability of the NATS messaging system’s server lies in the lack of access control elements for the JetStream API. This allows attackers to delete data.
The vulnerability of the NATS messaging system server is related to the lack of access control elements for the JetStream API. Exploiting this vulnerability could allow a malicious actor to delete data by sending specially crafted requests...
SUSE CVE-2025-30215
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
PT-2025-15666 · Unknown +1 · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS-Server versions 2.2.0 through 2.10.27; NATS-Server versions prior to 2.11.1. Description: The issue is related to the absence of access controls for the JetStream API in NATS-Server, allowing any user with JS management permissions in any...
CVE-2024-56329
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
CVE-2024-56329
CVE-2024-56329 affects the Socialstream package for Laravel Jetstream (joelbutcher/socialstream). The vulnerability arises during social account linking to an already authenticated user, where a missing confirmation step allows an account takeover risk. The issue is worsened when the Socialite co...
CVE-2024-56329 Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a...
Socialstream Authorization Issue Vulnerability
Socialstream is a third-party package for Laravel Jetstream by Joel Butcher, an individual developer. An authorization issue vulnerability exists in versions of Socialstream prior to 6.2.0, which stems from a lack of a validation step when associating a social account with an authenticated user,...
MAL-2024-9481 Malicious code in @vertiv-co/adx-jetstream-util (npm)
--- -= Per source details. Do not edit below this line.=-...