Vulnerabilities > Linuxfoundation > Nats Server

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-47090 Incorrect Authorization vulnerability in Linuxfoundation Nats-Server
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass.
network
low complexity
linuxfoundation CWE-863
6.5
6.5
2023-09-19 CVE-2022-28357 Path Traversal vulnerability in Linuxfoundation Nats-Server
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
network
low complexity
linuxfoundation CWE-22
critical
 9.8
9.8
2020-11-06 CVE-2020-26892 Use of Hard-coded Credentials vulnerability in multiple products
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
network
low complexity
linuxfoundation fedoraproject CWE-798
critical
 9.8
9.8
2020-11-06 CVE-2020-26521 NULL Pointer Dereference vulnerability in multiple products
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
network
low complexity
linuxfoundation fedoraproject CWE-476
7.5
7.5