CVE-2020-19676

MEDIUM5.3EPSS 0.38%

Incorrect Access Control in Nacos

Published: 8/2/2021Modified: 11/8/2023

Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Affected packages (1)

Maven/com.alibaba.nacos:nacos-commonfrom 0, < 1.2.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-19676
WEBhttps://github.com/alibaba/nacos/issues/1105
WEBhttps://github.com/alibaba/nacos/issues/2284
WEBhttps://github.com/alibaba/nacos/releases/tag/1.2.0