Lucene search

Ubuntu.comUB:CVE-2023-47090

HistoryOct 30, 2023 - 12:00 a.m.

CVE-2023-47090

2023-10-3000:00:00

ubuntu.com

cve-2023-47090

nats nats-server

authentication bypass

version 2.10.2

implicit $g user

authorization block

unauthenticated access

configuration

earliest affected version

unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an
authentication bypass. An implicit $G user in an authorization block can
sometimes be used for unauthenticated access, even when the intention of
the configuration was for each user to have an account. The earliest
affected version is 2.2.0.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchnats-server< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	nats-server	< any	UNKNOWN

References

advisories.nats.io/CVE/secnote-2023-01.txt

github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23

launchpad.net/bugs/cve/CVE-2023-47090

nvd.nist.gov/vuln/detail/CVE-2023-47090

security-tracker.debian.org/tracker/CVE-2023-47090

www.cve.org/CVERecord?id=CVE-2023-47090

www.openwall.com/lists/oss-security/2023/10/13/2

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for UB:CVE-2023-47090