Lucene search
+L

6 matches found

Github Security Blog
Github Security Blog
added 2022/02/15 12:42 a.m.32 views

nats-io/jwt not enforcing checking of Import token permissions

This advisory is canonically Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyon...

7.5CVSS7.3AI score0.0146EPSS
Exploits1References6Affected Software2
Github Security Blog
Github Security Blog
added 2021/05/21 4:22 p.m.40 views

github.com/nats-io/nats-server Import token permissions checking not enforced

This advisory is canonically Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyon...

7.5CVSS7.4AI score0.0146EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2021/05/21 4:22 p.m.25 views

GHSA-J756-F273-XHP4 github.com/nats-io/nats-server Import token permissions checking not enforced

This advisory is canonically Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyon...

7.5CVSS7.4AI score0.0146EPSS
Exploits1References6
OSV
OSV
added 2021/03/16 8:15 p.m.4 views

DEBIAN-CVE-2021-3127

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...

7.5CVSS7.3AI score0.0146EPSS
Exploits1References1
CVE
CVE
added 2021/03/16 7:55 p.m.92 views

CVE-2021-3127

The CVE concerns NATS Server 2.x (pre-2.2.0) and the JWT library (pre-2.0.1) where Import Token bindings were mishandled, causing Incorrect Access Control. The root cause is improper validation of Import Token bindings, allowing cross-account access to imported subjects. Affected versions include...

7.5CVSS7.4AI score0.0146EPSS
Exploits1References1Affected Software2
UbuntuCve
UbuntuCve
added 2021/03/16 12:0 a.m.27 views

CVE-2021-3127

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...

7.5CVSS7.1AI score0.0146EPSS
Exploits1References6
Rows per page
Query Builder