CVE-2020-19676

Published: Sep 30, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Affected (1)

Products: Alibaba: Nacos

Alibaba

1 product

Nacos

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Alibaba Nacos	Version 1.1.4

References (2)

https://github.com/alibaba/nacos/issues/2284

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/alibaba/nacos/issues/2284

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.