Vendor
high
advisory
NATS Server MQTT Password Disclosure Vulnerability
3 rules 1 TTPThe NATS server exposes MQTT passwords in plaintext via monitoring endpoints due to incorrect classification as JWTs, affecting versions before v2.12.6 or v2.11.15.
NATS server
nats
mqtt
credential-access
vulnerability
3r
1t
high
advisory
NATS Server Panic via Malicious Compression on Leafnode Port
2 rules 2 TTPs 1 IOCA vulnerability exists in NATS servers configured to accept leafnode connections where a malicious remote NATS server can trigger a server panic by exploiting compression negotiation on the leafnode port.
NATS server
nats
denial-of-service
compression
2r
2t
1i
high
advisory
NATS Server Pre-Authentication Denial-of-Service via Leafnode Handling
2 rules 1 TTPA pre-authentication denial-of-service vulnerability exists in NATS servers before versions v2.12.6 and v2.11.15, allowing a remote client connected to the leafnode port to crash the server by sending a malformed message.
NATS Server
nats
denial-of-service
leafnode
2r
1t