CVE-2021-29442 PoC — Alibaba nacos 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-29442.yaml

Associated Vulnerability

Title:Alibaba nacos 访问控制错误漏洞 (CVE-2021-29442)
Description:nacos是中国阿里巴巴（Alibaba）的一个动态服务发现、配置和服务管理平台。该软件支持基于 DNS 和基于 RPC 的服务发现，可提供提供实时健康检查，阻止服务向不健康的主机或服务实例发送请求等功能。 Nacos 存在访问控制错误漏洞，该漏洞源于ConfigOpsController允许用户执行管理操作，比如查询数据库，甚至清除数据库。

Description

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).

File Snapshot


 id: CVE-2021-29442

info:
  name: Nacos <1.4.1 - Authentication Bypass
  author: dwisiswant0
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!