Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Remediation

References

https://github.com/alibaba/nacos/issues/2284

Related Vulnerabilities

CVE-2018-17785 Vulnerability in maven package cc.blynk.server.api.core:http-core

CVE-2023-49486 Vulnerability in maven package com.jfinal:jfinal

CVE-2020-7737 Vulnerability in npm package safetydance

CVE-2021-27738 Vulnerability in maven package org.apache.kylin:kylin-stream-coordinator

CVE-2021-3801 Vulnerability in npm package prismjs

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo