Privilege Escalation via Misuse of Dynamically Provisioned Sandbox Accounts in NATS nats-server
CVE-2022-24450 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
Learn more about our Cis Benchmark Audit For Server Software.