Vendor
high
advisory
NATS.io MQTT ACL Bypass Vulnerability
2 rules 1 TTPA vulnerability in NATS.io versions before v2.12.6 or v2.11.15 allows MQTT clients to bypass ACL checks for MQTT subjects due to ACLs not being applied in the `$MQTT.>` namespace, potentially allowing unauthorized access and control of MQTT communications.
NATS server
nats.io
mqtt
acl-bypass
vulnerability
2r
1t
high
advisory
NATS Server Credentials Exposure via Monitoring Port
3 rulesNATS servers configured with command-line credentials expose them through the `/debug/vars` endpoint on the monitoring port, affecting versions prior to 2.11.15 and between 2.12.0-RC.1 and 2.12.6, potentially leading to unauthorized access.
NATS server
nats
credential-exposure
monitoring-port
3r