Description

Nacos is a platform designed for dynamic service discovery and configuration and service management.

Nacos before 1.4.1 has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted HTTP request and get full access to the system.

Remediation

Upgrade to the latest version of Nacos

References

CVE-2021-29441

Related Vulnerabilities

WordPress Plugin CardGate Payments for WooCommerce Security Bypass (3.1.15)

Unsafe use of Reflection

WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)

Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.18)

WordPress Plugin YITH WooCommerce Badge Management Security Bypass (1.3.19)

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Authentication Bypass