GHSA-qf76-pr7x-h7r4

Source

https://github.com/advisories/GHSA-qf76-pr7x-h7r4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-qf76-pr7x-h7r4/GHSA-qf76-pr7x-h7r4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qf76-pr7x-h7r4

Aliases

CVE-2020-19676

Published

2021-08-02T16:38:01Z

Modified

2023-11-08T04:02:47.682625Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Incorrect Access Control in Nacos

Details

Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)

Database specific

{
    "nvd_published_at": "2020-09-30T18:15:00Z",
    "github_reviewed_at": "2021-04-22T23:02:07Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / com.alibaba.nacos:nacos-common

Package

Name: com.alibaba.nacos:nacos-common; View open source insights on deps.dev
Purl: pkg:maven/com.alibaba.nacos/nacos-common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.0

Affected versions

0.*

0.1.0

0.2.0

0.2.1-RC1

0.2.1

0.3.0-RC1

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.8.0

0.8.1

0.8.2

0.9.0

0.9.1

1.*

1.0.0-RC1

1.0.0-RC2

1.0.0-RC3

1.0.0-RC4

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.2.0-beta.0

1.2.0-beta.1