Authentication bypass
CVE-2021-29441

8.6HIGH

Key Information:

Vendor

Alibaba

Status
Nacos
Vendor
CVE Published:
27 April 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%

What is CVE-2021-29441?

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

Affected Version(s)

nacos < 1.4.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-29441
Created by bysinks

nacos-cve-2021-29441
Created by hh-hunter

References

https://github.com/alibaba/nacos/issues/4701
x_refsource_MISC
https://github.com/advisories/GHSA-36hp-jr8h-556f
x_refsource_CONFIRM
https://github.com/alibaba/nacos/pull/4703
x_refsource_MISC

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-29441 : Authentication bypass