Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284
Related Vulnerabilities
CVE-2020-28449 Vulnerability in npm package decal
CVE-2023-29641 Vulnerability in npm package editor.md
CVE-2020-9296 Vulnerability in maven package com.netflix.conductor:conductor-core
CVE-2020-28503 Vulnerability in npm package copy-props
CVE-2022-26336 Vulnerability in maven package org.apache.poi:poi-scratchpad