Sign In

GHSA-hmm9-r2m2-qg9w

ADVISORY - github

Summary

(This advisory is canonically https://advisories.nats.io/CVE/CVE-2020-26521.txt)

Problem Description

The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should be able to safely issue Accounts to other entities which it does not fully trust.

A malicious Account could create and sign a User JWT with a state not created by the normal tooling, such that decoding by the NATS JWT library (written in Go) would attempt a nil dereference, aborting execution.

The NATS Server is known to be impacted by this.

Affected versions

JWT library

  • all versions prior to 1.1.0

NATS Server

  • Version 2 prior to 2.1.9

Impact

JWT library

  • Programs would nil dereference and panic, aborting execution by default.

NATS server

  • Denial of Service caused by process termination

Workaround

If your NATS servers do not trust any accounts which are managed by untrusted entities, then malformed User credentials are unlikely to be encountered.

Solution

Upgrade the JWT dependency in any application using it.

Upgrade the NATS server if using NATS Accounts.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-476

NULL Pointer Dereference

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-476

NULL Pointer Dereference

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-hmm9-r2m2-qg9w
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-476

CVSS SCORE

7.5high

GoLang

CREATED

UPDATED

ADVISORY IDGO-2022-0402
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

GHSA-hmm9-r2m2-qg9w

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-476CWE-937

CVSS SCORE

7.5high

GitLab

CREATED

UPDATED

ADVISORY ID

GMS-2021-792

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-937
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

GMS-2021-98

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-937
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-2v6p-mg24-q4w7

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-p4pr-chp6-pr52

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY