Description
Nacos 1.1.4 is affected by incorrect access control. An environment can be set up locally to obtain the service details interface. Other Nacos service names can then be retrieved through the service list interface, and the details of those services can be accessed without logging in. (Details: https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284