x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-28357 #2066

GoVulnBot · 2023-09-19T03:01:22Z

CVE-2022-28357 references github.com/nats-io/nats-server, which may be a Go module.

Description:
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.

References:

Cross references:

Module github.com/nats-io/nats-server appears in issue x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-24450 #307 EFFECTIVELY_PRIVATE
Module github.com/nats-io/nats-server appears in issue x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-26652 #351 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/nats-io/nats-server
      vulnerable_at: 1.4.1
      packages:
        - package: n/a
description: |-
    NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an
    unintended path to a management action from a management account.
cves:
    - CVE-2022-28357
references:
    - web: https://github.com/nats-io/nats-server/releases
    - web: https://advisories.nats.io/CVE/CVE-2022-28357.txt

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-09-19T22:49:03Z

Change https://go.dev/cl/529258 mentions this issue: data/excluded: batch add 1 excluded reports

gopherbot · 2024-06-14T17:44:25Z

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:56:28Z

Change https://go.dev/cl/606791 mentions this issue: data/reports: unexclude 20 reports (11)

- data/reports/GO-2023-2051.yaml - data/reports/GO-2023-2053.yaml - data/reports/GO-2023-2055.yaml - data/reports/GO-2023-2063.yaml - data/reports/GO-2023-2065.yaml - data/reports/GO-2023-2066.yaml - data/reports/GO-2023-2067.yaml - data/reports/GO-2023-2068.yaml - data/reports/GO-2023-2069.yaml - data/reports/GO-2023-2070.yaml - data/reports/GO-2023-2071.yaml - data/reports/GO-2023-2072.yaml - data/reports/GO-2023-2073.yaml - data/reports/GO-2023-2075.yaml - data/reports/GO-2023-2078.yaml - data/reports/GO-2023-2079.yaml - data/reports/GO-2023-2080.yaml - data/reports/GO-2023-2084.yaml - data/reports/GO-2023-2085.yaml - data/reports/GO-2023-2088.yaml Updates #2051 Updates #2053 Updates #2055 Updates #2063 Updates #2065 Updates #2066 Updates #2067 Updates #2068 Updates #2069 Updates #2070 Updates #2071 Updates #2072 Updates #2073 Updates #2075 Updates #2078 Updates #2079 Updates #2080 Updates #2084 Updates #2085 Updates #2088 Change-Id: I0103dfe39411ae2cf3d74933349260db7dc3496b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606791 Commit-Queue: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]>

zpavlinovic self-assigned this Sep 19, 2023

zpavlinovic added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Sep 19, 2023

gopherbot closed this as completed in f6f7866 Sep 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-28357 #2066

x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-28357 #2066

GoVulnBot commented Sep 19, 2023

gopherbot commented Sep 19, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-28357 #2066

x/vulndb: potential Go vuln in github.com/nats-io/nats-server: CVE-2022-28357 #2066

Comments

GoVulnBot commented Sep 19, 2023

gopherbot commented Sep 19, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024