Vulnerability Description
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Nats-Server | >= 2.2.0, <= 2.7.4 |
References
- https://advisories.nats.io/CVE/CVE-2022-28357.txt (Third Party Advisory)
- https://github.com/nats-io/nats-server/releases (Release Notes)
FAQ
What is CVE-2022-28357?
CVE-2022-28357 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
How severe is CVE-2022-28357?
CVE-2022-28357 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28357?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Nats-Server.