Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Remediation

References

https://github.com/alibaba/nacos/issues/2284

Related Vulnerabilities

CVE-2021-23440 Vulnerability in npm package set-value

CVE-2021-23371 Vulnerability in npm package chrono-node

CVE-2018-18389 Vulnerability in maven package org.neo4j:neo4j-security-enterprise

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wfs

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Exploit Issue Tracking Third Party Advisory NVD-CWE-noinfo