Lucene search
+L

8 matches found

NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS0.00463EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/08 7:40 p.m.36 views

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS0.00463EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 7:40 p.m.4 views

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6.1AI score0.00463EPSS
Exploits0References9
Veracode
Veracode
added 2024/07/12 6:59 a.m.18 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication bypass. The vulnerability is due to a failure to enforce negative user permissions in one scenario. Attackers can exploit this by using a queue subscription on the wildcard to access denied subjects...

6.3CVSS6.6AI score0.00478EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/07/11 9:31 p.m.16 views

NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

6.3CVSS6.9AI score0.00478EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/07/11 9:15 p.m.16 views

UBUNTU-CVE-2022-29946

NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerabilit...

6.3CVSS5.8AI score0.00478EPSS
Exploits0References3
OSV
OSV
added 2021/12/14 12:15 p.m.7 views

CVE-2021-44522

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

7.5CVSS5.8AI score0.0136EPSS
Exploits0References2
Prion
Prion
added 2021/12/14 12:15 p.m.14 views

Design/Logic Flaw

A vulnerability has been identified in SiPass integrated V2.76 All versions, SiPass integrated V2.80 All versions, SiPass integrated V2.85 All versions, Siveillance Identity V1.5 All versions, Siveillance Identity V1.6 All versions V1.6.284.0. Affected applications insufficiently limit the access...

5CVSS8.5AI score0.0136EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder