Main Vulnerability Database Vulnerabilities #VU111068

#VU111068 Incorrect authorization in nats-server - CVE-2023-47090

Published: June 11, 2025

Vulnerability identifier: #VU111068

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-47090

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
nats-server

Software vendor:
NATS - The Cloud Native Messaging System

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to authentication bypass. A remote user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account

Remediation

Install updates from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2023/10/30/1
https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
https://www.openwall.com/lists/oss-security/2023/10/13/2

#VU111068 Incorrect authorization in nats-server - CVE-2023-47090

Description

Remediation

External links

Please verify you're human