NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-30T00:00:00

Updated: 2024-09-09T20:30:00.174Z

Reserved: 2023-10-30T00:00:00

Link: CVE-2023-47090

cve-icon Vulnrichment

Updated: 2024-08-02T21:01:22.641Z

cve-icon NVD

Status : Modified

Published: 2023-10-30T17:15:52.467

Modified: 2024-11-21T08:29:44.953

Link: CVE-2023-47090

cve-icon Redhat

No data.