NATS: 2023-01: Adding accounts for just the system account adds auth bypass

NATS: 2023-01: Adding accounts for just the system account adds auth bypass

Open Source Security 

Posted by Phil Pennock on Oct 13

[ CVE has been requested, still waiting for assignment, so we’re just
inventing our own in-house numbering for advisories; we’ll make sure
this one continues to work after the CVE is issued ]

NATS-advisory-ID: 2023-01
CVE: pending
Date: 2023-10-12
Fixed in: 2.9.23, 2.10.2

Background:

NATS.io is a high performance open source pub-sub distributed communication
technology, built for the cloud, on-premise, IoT, and edge computing….
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert