Veracode Vulnerability DatabaseVERACODE:44092Weak Cryptography
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.8%
github.com/nats-io/nats-server and github.com/nats-io/nkeys are vulnerable to Weak Cryptography. The vulnerability exists due to improper encryption handling logic because the signing key is zero valued.
References
www.openwall.com/lists/oss-security/2023/10/31/1
github.com/nats-io/nats-server/commit/218584d394ddefacfe520ef768acdc04c443a152
github.com/nats-io/nats-server/releases/tag/v2.10.4
github.com/nats-io/nkeys/commit/58fb9d69f42ea73fffad1d14e5914dc666f3daa1
github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9
lists.fedoraproject.org/archives/list/[email protected]/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/
lists.fedoraproject.org/archives/list/[email protected]/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/
security-tracker.debian.org/tracker/CVE-2023-46129
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.8%