BIT-nats-2022-24450

BIT-nats-2022-24450 PUBLISHED CVSS 8.800000190734863 HIGH

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	nats	2.0.0, 2.0.0, 2.0.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://advisories.nats.io/CVE/CVE-2022-24450.txt url
https://github.com/nats-io/nats-server/releases/tag/v2.7.2 url
https://nvd.nist.gov/vuln/detail/CVE-2022-24450 url

Open in Interactive Console →