Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass

Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass

Open Source Security 

Posted by Phil Pennock on Oct 29

No.

For 2023-01 I went with our existing procedure and requested an
assignment from MITRE, just as in all prior cases. I got the automated
acknowledgement (on Thursday 28th Sep, request ID 1532633). I’ve yet to
get a CVE assignment.

So for the next one, I tried a new approach. I filled out the GitHub
Security Advisory flow ahead of release, got a GHSA, and requested a CVE
immediately. It looks like that was issued the next day.

Going…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert