Authentication bypass
CVE-2021-29442

8.6HIGH

Key Information:

Vendor: Alibaba
Status: Nacos
Vendor: CVE Published:; 27 April 2021

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%

What is CVE-2021-29442?

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)

Affected Version(s)

nacos < 1.4.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2021-29442-Nacos-Derby-rce-exp
Created by XiaomingX

References

https://github.com/alibaba/nacos/issues/4463

x_refsource_MISC

https://github.com/advisories/GHSA-36hp-jr8h-556f

x_refsource_CONFIRM

https://github.com/alibaba/nacos/pull/4517

x_refsource_MISC

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 22, 2024
👾
Exploit known to exist
Jul 31, 2024
Vulnerability published
Apr 27, 2021
Vulnerability Reserved
Mar 30, 2021

Alibaba

Badges

What is CVE-2021-29442?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

EPSS Score

CVSS V3.1

Timeline