Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284
Related Vulnerabilities
CVE-2021-35513 Vulnerability in maven package org.webjars.npm:mermaid
CVE-2023-27848 Vulnerability in npm package broccoli-compass
CVE-2020-7632 Vulnerability in npm package node-mpv
CVE-2020-28481 Vulnerability in maven package org.webjars.bower:socket.io
CVE-2023-25827 Vulnerability in maven package net.opentsdb:opentsdb