Main Vulnerability Database SB2022121335

SB2022121335 - beego update for nats-server

Published: December 13, 2022

Security Bulletin ID SB2022121335

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Incorrect authorization (CVE-ID: CVE-2022-24450)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to misusing the "dynamically provisioned sandbox accounts" feature. A remote user can take advantage of its valid account and switch over to another existing account without further authentication to obtain the privileges of the System account.

Remediation

Install update from vendor's website.

References

https://github.com/beego/beego/releases/tag/v2.0.7