Описание
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:alibaba:nacos:1.1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00379
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
EPSS
Процентиль: 59%
0.00379
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo