Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Remediation

References

https://github.com/alibaba/nacos/issues/2284

Related Vulnerabilities

CVE-2022-37423 Vulnerability in maven package org.neo4j.procedure:apoc

CVE-2021-44521 Vulnerability in maven package org.apache.cassandra:cassandra-all

CVE-2021-23384 Vulnerability in npm package koa-remove-trailing-slashes

CVE-2022-21129 Vulnerability in npm package nemo-appium

CVE-2019-12395 Vulnerability in maven package us.dynmap:dynmap

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo