4 matches found
CVE-2021-29442
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly...
CVE-2021-29441
CVE-2021-29441 affects Nacos before version 1.4.1. The AuthFilter used for enforcing authentication contains a backdoor that lets servers bypass the filter and skip authentication checks; the bypass relies on spoofable User-Agent headers, enabling a user to perform administrative tasks on the Nac...
CVE-2021-29442
Nacos
Missing Authentication for Critical Function
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly...