NATS nats-server privilege escalation | CVE-2022-24450
NAME
NATS nats-server privilege escalation
- Platforms Affected: NATS nats-server 2.7.1
- Risk Level: 8.8
- Exploitability: Unproven
- Consequences: Gain Privileges
DESCRIPTION
NATS nats-server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper access control. By misusing the "dynamically provisioned sandbox accounts" feature, an authenticated attacker could exploit this vulnerability to gain elevated privileges and access the System account.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Upgrade to the latest version of nats-server (2.7.2 or later), available from the nats-server Git repository. See References.
- Reference Link: https://seclists.org/oss-sec/2022/q1/126
- Reference Link: https://github.com/nats-io/nats-server