Incorrect Access Control in Nacos by Alibaba
CVE-2020-19676

5.3 MEDIUM

Key Information:

Vendor: Alibaba

CVE Published: 30 September 2020

What is CVE-2020-19676?

Nacos version 1.1.4 has an Incorrect Access Control vulnerability that allows unauthorized users to access sensitive service details. The issue arises when an environment is set up locally, which provides access to the service details interface. Service names can then be retrieved through the service list interface without authentication, enabling unauthorized access to detailed service information.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
