Privilege Escalation via Misuse of Dynamically Provisioned Sandbox Accounts in NATS nats-server

CVE-2022-24450 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
