SB2023103077 - Incorrect authorization in NATS nats-server
Published: October 30, 2023 Updated: June 11, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect authorization (CVE-ID: CVE-2023-47090)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to an authentication bypass. A remote user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account.
Remediation
Install update from vendor's website.