VYPR
High severityNVD Advisory· Published Oct 30, 2023· Updated Sep 9, 2024

CVE-2023-47090

CVE-2023-47090

Description

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/nats-io/nats-server/v2Go
>= 2.2.0, < 2.9.232.9.23
github.com/nats-io/nats-server/v2Go
>= 2.10.0, < 2.10.22.10.2

Affected products

4

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.