NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Sep 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-07-11T00:00:00
Updated: 2024-08-21T17:36:48.422Z
Reserved: 2022-04-29T00:00:00
Link: CVE-2022-29946
Vulnrichment
Updated: 2024-08-03T06:33:43.113Z
NVD
Status : Awaiting Analysis
Published: 2024-07-11T21:15:10.480
Modified: 2024-07-12T12:49:11.340
Link: CVE-2022-29946
Redhat