6 matches found
CVE-2021-29441
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...
Nacos < 1.4.1 Authentication Bypass (CVE-2021-29441)
Binary data nacoscve-2021-29441.nbin...
CVE-2021-29441
creationtimestamp| type| source ---|---|--- 2021-08-25 13:22:18+00:00| seen| https://t.me/truesecator/2035 2021-10-28 16:23:30+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/nacoscve202129441 2023-12-08 13:07:04+00:00|...
CVE-2021-29441 Authentication bypass
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...
CVE-2021-29441
CVE-2021-29441 affects Nacos before version 1.4.1. The AuthFilter used for enforcing authentication contains a backdoor that lets servers bypass the filter and skip authentication checks; the bypass relies on spoofable User-Agent headers, enabling a user to perform administrative tasks on the Nac...
cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +436 more potentially affected by CVE-2021-29441 +1 more via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.0)
com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.0, =1.1, =1.1, =0.0.2, =0.0.2, =1.0.8, =1.4.0, =2021.6.0 - cn.iisme.cloud:iisme-demos-nacos-core =1.0.1 - cn.iisme.cloud:iisme-demos-nacos-web =1.0.1 - cn.iisme.cloud:iisme-gateway-nacos =1.0.1 -...