GO-2022-0386
Discription
Import tokens valid for one account may be used for any other account.
Validation of Import token bindings incorrectly warns on mismatches,
rather than rejecting the Goken. This permits a token for one account
to be used for any other account.
For further details and mitigation procedures, see
https://advisories.nats.io/CVE/CVE-2021-3127.txtRead More
References
Back to Main