7 matches found
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-62mh-w5cv-p88c for github.com/nats-io/jwt and GHSA-j756-f273-xhp4 for github.com/nats-io/nats-server. This link is maintained to preserve external references. Original Description: NATS Server...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
UBUNTU-CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...
CVE-2021-3127
The CVE concerns NATS Server 2.x (pre-2.2.0) and the JWT library (pre-2.0.1) where Import Token bindings were mishandled, causing Incorrect Access Control. The root cause is improper validation of Import Token bindings, allowing cross-account access to imported subjects. Affected versions include...
CVE-2021-3127
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled...