21 matches found
GHSA-2H2X-8HH2-MFQ8 NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...
CVE-2022-29946
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...
CVE-2022-29946
Summary: CVE-2022-29946 affects the NATS Server (before 2.8.2) and NATS Streaming Server (before 0.24.6), where a failure to enforce negative user permissions can be exploited to bypass security restrictions. What is vulnerable: the permission model for subjects in queue subscriptions on wildcard...
Fedora 40 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-5f984129b2)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-5f984129b2 advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129. Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 39 : golang-github-nats-io / golang-github-nats-io-jwt-2 / etc (2023-3a895ff65c)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-3a895ff65c advisory. Updated NATS stack for CVE-2023-39325 and CVE-2023-46129. Tenable has extracted the preceding description block directly from the Fedora security...
CBL Mariner 2.0 Security Update: telegraf (CVE-2023-46129)
The version of telegraf installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46129 advisory. NATS.io is a high performance open source pub-sub distributed communication technology, built for the clou...
GHSA-MR45-RX8Q-WCM9 xkeys seal encryption used fixed key for all encryption
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in...
xkeys seal encryption used fixed key for all encryption
Background: NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in...
CVE-2023-46129
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
Authentication flaw
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server...
CVE-2023-46129
CVE-2023-46129 describes a crypto bug in the nkeys library used by NATS. In nkeys versions 0.4.0–0.4.5 (aligned with NATS server 2.10.0–2.10.3), the xkeys encryption handling logic accidentally passed an array by value to an internal function that mutated the buffer to supply the encryption key. ...