Main Vulnerability Database Vulnerabilities #VU111068

Incorrect authorization in nats-server - CVE-2023-47090

Published: June 11, 2025

Vulnerability identifier: #VU111068

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-47090

CWE-ID: CWE-863

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: NATS - The Cloud Native Messaging System

Affected software:
nats-server

Detailed vulnerability description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to authentication bypass. A remote user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account

How to mitigate CVE-2023-47090

Install updates from vendor's website.

Sources

http://www.openwall.com/lists/oss-security/2023/10/30/1
https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23
https://www.openwall.com/lists/oss-security/2023/10/13/2

Incorrect authorization in nats-server - CVE-2023-47090

Detailed vulnerability description

How to mitigate CVE-2023-47090

Sources

Please verify you're human