Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia 8: MGASA-2022-0225 Moderate: NATS Access Control Issue

mageia
Calendar Grey June 13, 2022
Dist Mageia Esm H88
Mageia 2022-0226 revisions for NATS software address misconfigured permissions leading to escalation of privileges.
NATS nats-server before 2.7.2 has Incorrect Access Control

Summary

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. (CVE-2022-24450)

References

- https://bugs.mageia.org/show_bug.cgi?id=30013

- https://advisories.nats.io/CVE/CVE-2022-24450.txt

- https://www.cve.org/CVERecord?id=CVE-2022-24450

Topics%20covered

Topics Covered

security advisory software update privilege escalation access control moderate severity Mageia NATS

Resolution

SRPMS

- 8/core/nats-server-2.1.9-1.1.mga8

Publication date: 13 Jun 2022
URL: https://advisories.mageia.org/MGASA-2022-0225.html
Type: security
CVE: CVE-2022-24450

Topics%20covered

Topics Covered

security advisory software update privilege escalation access control moderate severity Mageia NATS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here