GHSA-4frv-5fj6-4p25
Authentication Bypass vulnerability in v2 (Go)

Authentication Bypass No known exploit

What is GHSA-4frv-5fj6-4p25 About?

This authentication bypass vulnerability affects NATS nats-server versions before 2.9.23 and 2.10.x before 2.10.2. It allows unauthenticated access by leveraging an implicit '$G' user in an authorization block. Exploitation is relatively straightforward due to a configuration oversight.

Affected Software

  • github.com/nats-io/nats-server/v2
    • >2.2.0, <2.9.23
    • >2.10.0, <2.10.2

Technical Details

The vulnerability stems from an implicit '$G' user being present within an authorization block in NATS nats-server, particularly in versions 2.2.0 and later. Although such a configuration is intended to enforce granular user authentication, it can be leveraged to gain unauthenticated access. Under specific authorization block configurations involving the '$G' user, an attacker can connect to the NATS server and bypass the expected authentication mechanisms, gaining unauthorized access to the messaging system.

What is the Impact of GHSA-4frv-5fj6-4p25?

Successful exploitation may allow attackers to gain unauthorized access to the NATS messaging system, leading to message interception, injection of malicious messages, disruption of communication, and potential compromise of connected services.

What is the Exploitability of GHSA-4frv-5fj6-4p25?

Exploitation is of low complexity. An attacker typically does not require any prior authentication to exploit this flaw, making it a severe remote vulnerability. The prerequisites for exploitation primarily involve the NATS server being configured with an authorization block that inadvertently includes the implicit '$G' user, contrary to the administrator's intent. Special conditions include the specific server version and configuration. The likelihood of exploitation is high if vulnerable versions are deployed with such configurations, as the attack is straightforward.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for GHSA-4frv-5fj6-4p25?

Available Upgrade Options

  • github.com/nats-io/nats-server/v2
    • >2.2.0, <2.9.23 → Upgrade to 2.9.23
    • >2.10.0, <2.10.2 → Upgrade to 2.10.2
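
To check whether a Go project pins an affected release, the ranges listed above can be applied to the version recorded in go.mod. The Go program below is an added example, not code from this advisory or from the NATS project; the function names and the sample go.mod are constructed. It assumes the lower bounds are inclusive, a conservative reading, since the summary speaks of "2.10.x before 2.10.2" and the technical details of "2.2.0 and later".

```go
package main

import (
	"fmt"
	"strings"
)

const natsModule = "github.com/nats-io/nats-server/v2"

// Advisory ranges as {lower bound, first fixed version}, encoded as in IsAffected.
// Assumption: lower bounds are inclusive (conservative reading of the page).
var affectedRanges = [][2]int{{2_002_000, 2_009_023}, {2_010_000, 2_010_002}}

// IsAffected reports whether a module version such as "v2.9.22" is in range.
func IsAffected(v string) (bool, error) {
	var major, minor, patch int
	v, _, _ = strings.Cut(strings.TrimSpace(v), "+") // drop build metadata
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch); err != nil {
		return false, fmt.Errorf("not a module version: %q", v)
	}
	n := major*1_000_000 + minor*1_000 + patch // assumes minor and patch < 1000
	pre := strings.Contains(v, "-")            // pre-release or pseudo-version
	for _, r := range affectedRanges {
		// A pre-release sorts before its release: one of the fixed version is
		// still in range, one of the lower bound is not.
		if (n > r[0] || (n == r[0] && !pre)) && (n < r[1] || (n == r[1] && pre)) {
			return true, nil
		}
	}
	return false, nil
}

// FindInGoMod returns the nats-server version required by go.mod text, or "".
func FindInGoMod(gomod string) string {
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == natsModule {
			return f[1]
		}
	}
	return ""
}

func main() {
	// Constructed sample go.mod, not taken from a real project.
	sample := "module example.test/app\n\nrequire (\n\tgithub.com/nats-io/nats-server/v2 v2.9.22 // indirect\n)\n"
	hit, err := IsAffected(FindInGoMod(sample))
	fmt.Println("affected:", hit, "error:", err)
}
```

A version match only shows that the vulnerable code is present; whether a deployment is exposed also depends on the authorization block configuration described under Technical Details.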

Additional Resources

What are Similar Vulnerabilities to GHSA-4frv-5fj6-4p25?

Similar Vulnerabilities: CVE-2022-28357, CVE-2021-3129, CVE-2023-28823, CVE-2023-28824, CVE-2023-29471