Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:29 p.m.14 views

CVE-2021-29441

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

9.8CVSS7.1AI score0.74242EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2021/10/26 12:0 a.m.140 views

Nacos < 1.4.1 Authentication Bypass (CVE-2021-29441)

Binary data nacoscve-2021-29441.nbin...

9.8CVSS9.6AI score0.74242EPSS
Exploits2References3
Circl
Circl
added 2021/08/25 1:22 p.m.34 views

CVE-2021-29441

creationtimestamp| type| source ---|---|--- 2021-08-25 13:22:18+00:00| seen| https://t.me/truesecator/2035 2021-10-28 16:23:30+00:00| published-proof-of-concept| https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/nacoscve202129441 2023-12-08 13:07:04+00:00|...

9.8CVSS7.3AI score0.74242EPSS
In wildExploits2References8
Cvelist
Cvelist
added 2021/04/27 8:20 p.m.36 views

CVE-2021-29441 Authentication bypass

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

8.6CVSS9.9AI score0.74242EPSS
Exploits2References3
CVE
CVE
added 2021/04/27 8:20 p.m.201 views

CVE-2021-29441

CVE-2021-29441 affects Nacos before version 1.4.1. The AuthFilter used for enforcing authentication contains a backdoor that lets servers bypass the filter and skip authentication checks; the bypass relies on spoofable User-Agent headers, enabling a user to perform administrative tasks on the Nac...

9.8CVSS9.3AI score0.74242EPSS
In wildExploits2References3Affected Software1
vulnersOsv
vulnersOsv
added 2021/04/27 8:9 p.m.5 views

cc.cc4414:cc-spring-cloud-starter (>=0.3.0 <=0.8.0), cc.cc4414:cc-spring-cloud-starter-gateway (>=0.5.0 <=0.8.0) +436 more potentially affected by CVE-2021-29441 +1 more via com.alibaba.nacos:nacos-common (>=0.1.0 <=1.4.0)

com.alibaba.nacos:nacos-common MAVEN version =0.1.0, =0.3.0, =0.5.0, =1.0.0, =1.1, =1.1, =0.0.2, =0.0.2, =1.0.8, =1.4.0, =2021.6.0 - cn.iisme.cloud:iisme-demos-nacos-core =1.0.1 - cn.iisme.cloud:iisme-demos-nacos-web =1.0.1 - cn.iisme.cloud:iisme-gateway-nacos =1.0.1 -...

9.8CVSS7.3AI score0.74242EPSS
Exploits4
Rows per page
Query Builder