CVE-2022-24450
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-24450
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24450.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-24450
- Aliases
- Related
- Published
- 2022-02-08T02:15:06Z
- Modified
- 2025-07-29T10:24:22.307924Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature.
- References
Affected packages
Git / github.com/nats-io/nats-server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nats-io/nats-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/nats-io/nats-streaming-server
- Events
Affected versions
v0.*
v0.15.0
v0.15.1
v0.16.0
v0.16.2
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.21.0
v0.21.1
v0.21.2
v0.22.0
v0.22.1
v0.23.0
v0.23.1
v0.23.2
v0.24.0
v0.5.1
v0.5.2
v0.5.4
v0.5.6
v0.6.0
v0.6.2
v0.6.4
v0.6.6
v0.6.8
v0.7.0
v0.7.2
v0.8.0
v0.8.1
v0.9.2
v0.9.4
v0.9.6
v1.*
v1.0.0
v1.0.2
v1.0.4
v1.0.6
v1.1.0
v1.2.0
v1.3.0
v2.*
v2.0.0
v2.0.0-RC14
v2.0.0-RC19
v2.0.2
v2.0.4
v2.1.0
v2.1.2
v2.1.4
v2.1.6
v2.1.7
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.0-rc1
v2.7.0-rc2
v2.7.1