Directory Traversal Vulnerability in NATS nats-server by NATS.io
CVE-2022-28357

9.8CRITICAL

Key Information:

Vendor: Linux
Status: Nats-server
Vendor: CVE Published:; 19 September 2023

Summary

The NATS nats-server, versions 2.2.0 to 2.7.4, is susceptible to a directory traversal vulnerability that allows unauthorized access to internal directories. This issue arises from an unintended path exposure that allows management accounts to execute unintended actions, potentially leading to sensitive data access or influencing server configurations. Users should promptly upgrade to the latest version to mitigate this risk.

References

https://github.com/nats-io/nats-server/releases

https://advisories.nats.io/CVE/CVE-2022-28357.txt

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 19, 2023
Vulnerability Reserved
Apr 2, 2022