List: oss-security
Subject: Re: [oss-security] NATS: 2023-01: Adding accounts for just the system account adds auth bypass
From: Phil Pennock <oss-security-phil () spodhuis ! org>
Date: 2023-10-30 17:40:46
Message-ID: ZT/qnsR7RiQSv99z () hill ! local
On 2023-10-29 at 15:51 -0400, Phil Pennock wrote:
> On 2023-10-28 at 17:51 +0200, Salvatore Bonaccorso wrote:
> > On Thu, Oct 12, 2023 at 10:39:53PM -0400, Phil Pennock wrote:
> > > [ CVE has been requested, still waiting for assignment, so we're just
> > > inventing our own in-house numbering for advisories; we'll make sure
> > > this one continues to work after the CVE is issued ]
> > >
> > > NATS-advisory-ID: 2023-01
> > > CVE: pending
> > > Date: 2023-10-12
> > > Fixed in: 2.9.23, 2.10.2
> >
> > While I see the later NATS-advisory-ID 2023-02 has a CVE assigned, for
> > the 2023-01 was above with CVE pending. Has one been assigned in
> > the meanwhile?
>
> No.
Now: yes. CVE-2023-47090 has been assigned today.
My thanks to whoever gave the nudge.
(Website will be updated as soon as GitHub has an action runner
available to process the pages build).
-Phil