Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Remediation

References

https://github.com/alibaba/nacos/issues/2284

Related Vulnerabilities

CVE-2021-23327 Vulnerability in npm package apexcharts

CVE-2021-4264 Vulnerability in maven package org.webjars.npm:dustjs-linkedin

CVE-2021-27191 Vulnerability in npm package get-ip-range

CVE-2023-31890 Vulnerability in maven package com.glazedlists:glazedlists

CVE-2022-1330 Vulnerability in maven package org.webjars.bowergithub.alvarotrigo:fullpage.js

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo