CVE-2022-24450

Published: 08/02/2022 Updated: 08/08/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

NATS nats-server prior to 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.

Vulnerable Product

nats nats streaming server

nats nats server

Vendor Advisories

Synopsis: Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes. Type/Severity: Security Advisory: Important. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.4 General Availability release images. This update provides security fixes, bug fixes, and updates container images. Red Hat Product Security has rated ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.5.1 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.5.1 General Availability release images, which fix security issues and bugs. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 General Availability release images. This update provides security fixes, bug fixes, and updates the container images. Red Hat Product Security has ...
Synopsis: Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes. Type/Severity: Security Advisory: Important. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.4.2 General Availability release images. This update provides security fixes, fixes bugs, and updates the container images. Red Hat Product Security ha ...
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature ...

Mailing Lists

oss-sec mailing list archives: [CVE-2022-24450] nats-server unconstrained account assumption by authenticated clients

Github Repositories

Frogbot: Frogbot is a Git bot that scans your pull requests and repositories for security vulnerabilities. You can scan pull requests when they are opened, and Git repositories following

Frogbot: Frogbot is a Git bot that scans your pull requests for security vulnerabilities using JFrog Xray. Frogbot adds the scan results as a comment on the pull request. If no new vulnerabilities are found

Frogbot: Frogbot is a Git bot that scans your pull requests and repositories for security vulnerabilities. You can scan pull requests when they are opened, and Git repositories following ne