Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284
Related Vulnerabilities
CVE-2021-21318 Vulnerability in maven package org.opencastproject:opencast-search-service-impl
CVE-2015-5211 Vulnerability in maven package org.springframework:spring-web
CVE-2020-7718 Vulnerability in npm package gammautils
CVE-2021-37578 Vulnerability in maven package org.apache.juddi:juddi-core
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-default