CVE-2020-19676

MEDIUM5.3EPSS 0.38%

Incorrect Access Control in Nacos

發布日:2021/8/2修改日:2023/11/8

描述

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

受影響套件(1)

Maven/com.alibaba.nacos:nacos-commonfrom 0, < 1.2.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-19676
WEBhttps://github.com/alibaba/nacos/issues/1105
WEBhttps://github.com/alibaba/nacos/issues/2284
WEBhttps://github.com/alibaba/nacos/releases/tag/1.2.0