Weak Cryptography

🗓️ 01 Nov 2023 09:24:50Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 14 Views

Weak Cryptography vulnerability in nats-server and nkeys software

Reporter	Title	Published	Views	Family All 60
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	10 Jun 202523:04	–	ibm
AlpineLinux	CVE-2023-46129	30 Oct 202323:47	–	alpinelinux
CBLMariner	CVE-2023-46129 affecting package telegraf for versions less than 1.27.4-1	17 Nov 202323:23	–	cbl_mariner
CBLMariner	CVE-2023-46129 affecting package telegraf for versions less than 1.29.4-1	17 Apr 202422:02	–	cbl_mariner
Chainguard	CVE-2023-46129 vulnerabilities	31 Oct 202300:15	–	cgr
CNNVD	NATS Server Security Vulnerability	29 Oct 202300:00	–	cnnvd
CVE	CVE-2023-46129	30 Oct 202323:47	–	cve
Cvelist	CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption	30 Oct 202323:47	–	cvelist
Debian CVE	CVE-2023-46129	30 Oct 202323:47	–	debiancve
EUVD	EUVD-2023-2780	3 Oct 202520:07	–	euvd

Vulners

Node

linuxfoundation nats-serverMatch2.9.16-r2go

AND

linuxfoundation nats-serverMatch2.9.21-r1go

AND

linuxfoundation nats-serverMatch2.9.15-r1go

AND

linuxfoundation nats-serverMatch2.9.2-r2go

AND

linuxfoundation nats-serverMatch2.9.14-r0go

AND

linuxfoundation nats-serverMatch2.9.20-r0go

AND

linuxfoundation nats-serverMatch2.9.7-r0go

AND

linuxfoundation nats-serverMatch2.9.11-r0go

AND

linuxfoundation nats-serverMatch2.9.18-r0go

AND

linuxfoundation nats-serverMatch2.9.12-r0go

AND

linuxfoundation nats-serverMatch2.9.8-r1go

AND

linuxfoundation nats-serverMatch2.9.3-r0go

AND

linuxfoundation nats-serverMatch2.9.2-r0go

AND

linuxfoundation nats-serverMatch2.9.6-r0go

AND

linuxfoundation nats-serverMatch2.9.21-r0go

AND

linuxfoundation nats-serverMatch2.9.19-r0go

AND

linuxfoundation nats-serverMatch2.9.10-r0go

AND

linuxfoundation nats-serverMatch2.10.2-r0go

AND

linuxfoundation nats-serverMatch2.9.4-r0go

AND

linuxfoundation nats-serverMatch2.9.1-r0go

AND

linuxfoundation nats-serverMatch2.9.8-r0go

AND

linuxfoundation nats-serverMatch2.9.16-r1go

AND

linuxfoundation nats-serverMatch2.9.19-r1go

AND

linuxfoundation nats-serverMatch2.10.3-r0go

AND

linuxfoundation nats-serverMatch2.8.4-r1go

AND

linuxfoundation nats-serverMatch2.9.14-r1go

AND

linuxfoundation nats-serverMatch2.9.17-r0go

AND

linuxfoundation nats-serverMatch2.9.15-r0go

AND

linuxfoundation nats-serverMatch2.9.22-r0go

AND

linuxfoundation nats-serverMatch2.8.4-r2go

AND

linuxfoundation nats-serverMatch2.9.0-r0go

AND

linuxfoundation nats-serverMatch2.10.1-r0go

AND

linuxfoundation nats-serverMatch2.8.4-r0go

AND

alpinelinux alpine_linuxMatchedge

nats-io github.com/nats-io/nkeysRangev0.4.1–0.4.1go

nats-io github.com/nats-io/nats-serverRangev2.10.0–2.10.0go

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-46129
github	www.github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/
openwall	www.openwall.com/lists/oss-security/2023/10/31/1
github	www.github.com/nats-io/nats-server/releases/tag/v2.10.4
github	www.github.com/nats-io/nats-server/commit/218584d394ddefacfe520ef768acdc04c443a152
github	www.github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1

29 Nov 2023 06:34Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.00374

SSVC