Authentication Bypass by Primary Weakness The advisory has been revoked - it doesn't affect any version of package github.com/nats-io/nats-server/server (opens in a new tab)
Threat Intelligence
Exploit Maturity
Exploit maturity not defined.
Not Defined
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-6016640
- published20 Oct 2023
- disclosed19 Oct 2023
- creditAlex Herrington
Introduced: 19 Oct 2023
CVE NOT AVAILABLE CWE-305 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
A fix was pushed into the master branch but not yet published.
Amendment
This was deemed not a vulnerability.
Overview
github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices.
Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to improper authorisation rules in the server component. This results in users connecting without authentication.