Tag
high
advisory
NATS.io MQTT ACL Bypass Vulnerability
2 rules 1 TTPA vulnerability in NATS.io versions before v2.12.6 or v2.11.15 allows MQTT clients to bypass ACL checks for MQTT subjects due to ACLs not being applied in the `$MQTT.>` namespace, potentially allowing unauthorized access and control of MQTT communications.
NATS server
nats.io
mqtt
acl-bypass
vulnerability
2r
1t
high
advisory
NATS Server MQTT Password Disclosure Vulnerability
3 rules 1 TTPThe NATS server exposes MQTT passwords in plaintext via monitoring endpoints due to incorrect classification as JWTs, affecting versions before v2.12.6 or v2.11.15.
NATS server
nats
mqtt
credential-access
vulnerability
3r
1t