Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nacos 信息泄露漏洞
Vulnerability Description
nacos是中国阿里巴巴(Alibaba)的一个动态服务发现、配置和服务管理平台。该软件支持基于 DNS 和基于 RPC 的服务发现,可提供提供实时健康检查,阻止服务向不健康的主机或服务实例发送请求等功能。 Nacos 1.1.4版本存在安全漏洞,攻击者可利用该漏洞可以在本地设置环境以获取服务详细信息界面。 然后可以通过服务列表界面访问其他Nacos服务名称。 未登录时即可访问服务详细信息。
CVSS Information
N/A
Vulnerability Type
N/A