CVE-2022-28357: NATS nats-server allows directory traversal via unintended path to a management action
9.8
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.45636%
CWE
Published
9/19/2023
Updated
11/12/2023
KEV Status
No
Technology
Go
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/nats-io/nats-server | go | >= 2.2.0, < 2.7.4 | 2.7.4 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper path sanitization during account synchronization in the privileged $SYS account. The advisory explicitly mentions 'inadequate check in constructing filenames for account synchronization' leading to directory traversal. While exact function
names aren't provided in available resources, NATS's architecture requires account data persistence, and the described vulnerability pattern strongly suggests a file
path construction function
in account management logic that fails to validate
user-controlled path components. The confidence is high because the CWE-22 classification and advisory details directly point to this class
of vulnerability in account synchronization handlers.