CVE-2020-19676 – com.alibaba.nacos:nacos-common

Package

Manager: maven
Name: com.alibaba.nacos:nacos-common
Vulnerable Version: >=0 <1.2.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00379 pctl0.58637

Details

Incorrect Access Control in Nacos Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Metadata

Created: 2021-08-02T16:38:01Z
Modified: 2021-04-22T23:02:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qf76-pr7x-h7r4/GHSA-qf76-pr7x-h7r4.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-qf76-pr7x-h7r4
Finding: F310
Auto approve: 1