CVE-2023-47090

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-47090

CGA ID

CGA-8wrr-6c9x-2fp2

Severity

Unknown

Description

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

References

https://images.chainguard.dev/security/CGA-8wrr-6c9x-2fp2
https://github.com/advisories/GHSA-fr2g-9hjm-wr23
https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
http://www.openwall.com/lists/oss-security/2023/10/30/1
https://www.openwall.com/lists/oss-security/2023/10/13/2
https://security-tracker.debian.org/tracker/CVE-2023-47090

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2023-47090

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources