UBUNTU-CVE-2022-29946

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

PT-2024-11549 · Unknown · Nats Server +1

Name of the Vulnerable Software and Affected Versions: NATS Server versions prior to 2.8.2 NATS Streaming Server versions prior to 0.24.6 Description: The issue is caused by the failure to enforce negative user permissions in one scenario, allowing a remote attacker to bypass security restriction...

BIT-NATS-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...

[SECURITY] Fedora 39 Update: golang-github-nats-io-streaming-server-0.25.6-1.fc39

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

[SECURITY] Fedora 38 Update: golang-github-nats-io-streaming-server-0.25.6-1.fc38

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2023-3a895ff65c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2023-66966ae3d0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2023-6b89bc0305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: golang-github-nats-io-streaming-server-0.25.5-1.fc39

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2023-f122ea1b3e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: golang-github-nats-io-streaming-server-0.25.5-1.fc38

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-nats-io-streaming-server-0.20.0-6.fc36

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-nats-io-streaming-server-0.20.0-5.fc35

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for golang-github-nats-io-streaming-server (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-nats-io-streaming-server-0.20.0-5.fc36

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

CVE-2022-26652

NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...

Directory traversal

NATS nats-server before 2.7.4 allows Directory Traversal with write access via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected...

CVE-2022-26652

Summary: CVE-2022-26652 affects NATS nats-server (up to 2.7.3) and nats-streaming-server (up to 0.24.2). The issue is a directory traversal (“Zip Slip”) via an element in a ZIP archive used in JetStream streams, allowing potentially arbitrary file write. The root cause is insufficient sanitizatio...