Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
References
Link | Resource |
---|---|
https://github.com/alibaba/nacos/issues/2284 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-30T17:52:39
Updated: 2020-09-30T17:52:39
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-19676
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-30T18:15:23.663
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-19676
JSON object: View
Redhat Information
No data.
CWE