CVE-2023-47090

Summary

CVE-2023-47090 is a vulnerability affecting NATS server versions before 2.9.23 and 2.10.x before 2.10.2. The issue involves an authentication bypass where an implicit $G user in an authorization block can be exploited for unauthenticated access. This vulnerability contradicts the intended configuration, which assumes each user has a separate account. The earliest affected version of NATS server is 2.2.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.