Miggo Logo

CVE-2022-28357: NATS nats-server allows directory traversal via unintended path to a management action

9.8

CVSS Score
3.1

Basic Information

EPSS Score
0.45636%
Published
9/19/2023
Updated
11/12/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/nats-io/nats-servergo>= 2.2.0, < 2.7.42.7.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper path sanitization during account synchronization in the privileged $SYS account. The advisory explicitly mentions 'inadequate check in constructing filenames for account synchronization' leading to directory traversal. While exact function names aren't provided in available resources, NATS's architecture requires account data persistence, and the described vulnerability pattern strongly suggests a file path construction function in account management logic that fails to validate user-controlled path components. The confidence is high because the CWE-22 classification and advisory details directly point to this class of vulnerability in account synchronization handlers.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

N*TS n*ts-s*rv*r *.*.* t*rou** *.*.* *llows *ir**tory tr*v*rs*l ****us* o* *n unint*n*** p*t* to * m*n***m*nt **tion *rom * m*n***m*nt ***ount.

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* s*nitiz*tion *urin* ***ount syn**roniz*tion in t** privil**** $SYS ***ount. T** **visory *xpli*itly m*ntions 'in***qu*t* ****k in *onstru*tin* *il*n*m*s *or ***ount syn**roniz*tion' l***in* to *ir**tory tr*v