CVE-2023-47090

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

Vendor	n/a
Product	n/a
Published	Oct 30, 2023
Last Updated	Sep 9, 2024

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new unknown vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 openwall.com: https://www.openwall.com/lists/oss-security/2023/10/13/2 openwall.com: http://www.openwall.com/lists/oss-security/2023/10/30/1