CVE-2022-28357
Directory Traversal vulnerability in nats-server (Go)
What is CVE-2022-28357 About?
NATS nats-server versions 2.2.0 through 2.7.4 are vulnerable to directory traversal via an unintended path to a management action. An attacker holding a management account can use it to access arbitrary files on the server. Exploitation is likely straightforward for such an authenticated attacker.
Affected Software
- github.com/nats-io/nats-server
  - >2.2.0, <2.7.4
- github.com/nats-io/nats-server/v2
  - >2.2.0, <2.7.4
Technical Details
The vulnerability in NATS nats-server (versions 2.2.0 to 2.7.4) is a directory traversal flaw. It arises from an unintended path within a management action that is reachable from a management account. An attacker with access to such an account can craft requests whose file-path parameters contain traversal sequences (e.g., '..', '../'). Because the server does not confine the resulting path to the intended directory, the attacker can read or potentially manipulate files and directories outside the intended management scope on the server's filesystem.
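The root cause of this class of flaw is that a caller-supplied name is joined onto a storage directory without checking that the result still lies inside that directory. The following Go function is an added illustration of that confinement check, not nats-server's own code; the base directory `/srv/nats/store` and the sample names are constructed for the example. It goes slightly beyond the advisory by also rejecting absolute names and by showing that a name merely beginning with `..` (such as `..hidden/file`) is legitimate and must not be rejected.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when a caller-supplied name would resolve outside the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// SafeJoin resolves name relative to base and refuses any result that is not inside base.
// This is the lexical check a management action must perform before touching the filesystem
// with a name taken from a request (hypothetical helper, not nats-server code).
func SafeJoin(base, name string) (string, error) {
	// A relative storage name must never be absolute; reject before joining.
	if name == "" || filepath.IsAbs(name) {
		return "", ErrTraversal
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing "." and ".." segments lexically.
	candidate := filepath.Join(absBase, name)
	// Express the candidate relative to base: anything outside base starts with "..".
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return candidate, nil
}

// Classify runs SafeJoin over a batch of names and partitions them into accepted
// resolved paths and rejected names, which is handy for unit tests and audit logs.
func Classify(base string, names []string) (accepted, rejected []string) {
	for _, n := range names {
		if p, err := SafeJoin(base, n); err != nil {
			rejected = append(rejected, n)
		} else {
			accepted = append(accepted, p)
		}
	}
	return accepted, rejected
}

func main() {
	// Constructed sample inputs: two benign names, three traversal attempts.
	names := []string{
		"streams/orders.dat",
		"..hidden/file",
		"../../etc/passwd",
		"streams/../../etc/shadow",
		"/etc/passwd",
	}
	accepted, rejected := Classify("/srv/nats/store", names)
	fmt.Println("accepted:", accepted)
	fmt.Println("rejected:", rejected)
}
```

The check is purely lexical: it stops `..` sequences but not a symlink inside the base directory that points elsewhere. Where the storage directory may contain untrusted symlinks, resolve the returned path with `filepath.EvalSymlinks` and repeat the containment test, or open files through Go 1.24's `os.Root`, which enforces the boundary at the kernel level.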
What is the Impact of CVE-2022-28357?
Successful exploitation may allow attackers to read, and potentially write (depending on file system permissions), arbitrary files on the server which can lead to information disclosure, unauthorized data modification, or further system compromise.
What is the Exploitability of CVE-2022-28357?
Exploitation is of low complexity. It generally requires authenticated access to a management account on the NATS server. This is a remote vulnerability, allowing an attacker to reach the server's filesystem from an external location. The primary prerequisite is an authenticated session; the only other condition is that the server runs a vulnerable version. The likelihood of exploitation increases if management accounts are not adequately secured or if the management interface is exposed to untrusted networks.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-28357?
Available Upgrade Options
- github.com/nats-io/nats-server
  - >2.2.0, <2.7.4 → Upgrade to 2.7.4
- github.com/nats-io/nats-server/v2
  - >2.2.0, <2.7.4 → Upgrade to 2.7.4
Additional Resources
- https://github.com/advisories/GHSA-vpjc-4jcv-jc29
- https://github.com/nats-io/nats-server/releases/tag/v2.7.4
- https://github.com/nats-io/nats-server
- https://nvd.nist.gov/vuln/detail/CVE-2022-28357
- https://advisories.nats.io/CVE/CVE-2022-28357.txt
- https://osv.dev/vulnerability/GO-2023-2066
- https://github.com/nats-io/nats-server/releases
What are Similar Vulnerabilities to CVE-2022-28357?
Similar Vulnerabilities: GHSA-4frv-5fj6-4p25, CVE-2021-4107, CVE-2022-2057, CVE-2023-28823, CVE-2023-28824
