CVE-2022-29946
MEDIUMNATS.io NATS Server <2.8.2 & Streaming Server <0.24.6 - Auth Bypass
Title source: llmDescription
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
References (1)
Core 1
Core References
Scores
CVSS v3
6.3
EPSS
0.0048
EPSS Percentile
37.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (2)
nats-io/nats-server
0 - 2.8.2Go
nats-io/nats-streaming-server
0 - 0.24.6Go
Published
Jul 11, 2024
Tracked Since
Feb 18, 2026