oss-sec mailing list archives
Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 28 Oct 2023 17:51:23 +0200
Hi, On Thu, Oct 12, 2023 at 10:39:53PM -0400, Phil Pennock wrote:
[ CVE has been requested, still waiting for assignment, so we're just inventing our own in-house numbering for advisories; we'll make sure this one continues to work after the CVE is issued ] NATS-advisory-ID: 2023-01 CVE: pending Date: 2023-10-12 Fixed in: 2.9.23, 2.10.2
While I see the later NATS-advisory-ID 2023-02 has a CVE assigned, for the 2023-01 was above with CVE pending. has one been assigned in meanwhile? Regards, Salvatore
Current thread:
- NATS: 2023-01: Adding accounts for just the system account adds auth bypass Phil Pennock (Oct 13)
- Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass Salvatore Bonaccorso (Oct 28)
- Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass Phil Pennock (Oct 29)
- Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass Phil Pennock (Oct 30)
- Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass Phil Pennock (Oct 29)
- Re: NATS: 2023-01: Adding accounts for just the system account adds auth bypass Salvatore Bonaccorso (Oct 28)