Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Remediation
References
https://github.com/alibaba/nacos/issues/2284
Related Vulnerabilities
CVE-2020-36377 Vulnerability in npm package aaptjs
CVE-2020-8137 Vulnerability in npm package fastify
CVE-2023-34624 Vulnerability in maven package net.sourceforge.htmlcleaner:htmlcleaner
CVE-2020-7676 Vulnerability in maven package org.webjars.bowergithub.angular:angular
CVE-2021-21290 Vulnerability in maven package io.netty:netty-testsuite