CVE-2023-47090

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 30, 2023
Updated: Nov 8, 2023
CWE ID 863

Summary

CVE-2023-47090 is a vulnerability affecting NATS server versions before 2.9.23 and 2.10.x before 2.10.2. The issue involves an authentication bypass where an implicit $G user in an authorization block can be exploited for unauthenticated access. This vulnerability contradicts the intended configuration, which assumes each user has a separate account. The earliest affected version of NATS server is 2.2.0.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share