NATS.io: Adding accounts for just the system account adds auth bypass

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. NATS users exist within accounts, and once using accounts, the old authorization block is not applicable. Problem Description Without any...

PT-2023-30299 · Nats +1 · Nats Nats-Server +1

Name of the Vulnerable Software and Affected Versions: NATS nats-server versions 2.2.0 through 2.9.22 NATS nats-server versions 2.10.0 through 2.10.1 Description: The issue is related to an authentication bypass in NATS nats-server. An implicit $G user in an authorization block can sometimes be...