Lucene search
GoogleOSV:CVE-2021-29441HistoryApr 27, 2021 - 9:15 p.m.
CVE-2021-29441
2021-04-2721:15:07
Google
osv.dev
7
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.
Related
osv
osv
Authentication bypass for specific endpoint
2021-04-27 20:09:25
Authentication Bypass
2021-04-27 20:09:17
CVE-2021-29442
2021-04-27 21:15:08
prion
prion
Default configuration
2021-04-27 21:15:00
Authentication flaw
2021-04-27 21:15:00
nvd
nvd
CVE-2021-29442
2021-04-27 21:15:08
CVE-2021-29441
2021-04-27 21:15:07
nuclei
nuclei
Nacos <1.4.1 - Authentication Bypass
2021-04-28 04:54:36
Nacos <1.4.1 - Authentication Bypass
2021-04-28 05:01:34
github
github
Authentication Bypass
2021-04-27 20:09:17
Authentication bypass for specific endpoint
2021-04-27 20:09:25
cvelist
cvelist
CVE-2021-29441 Authentication bypass
2021-04-27 20:20:20
CVE-2021-29442 Authentication bypass
2021-04-27 20:20:13
gitlab
gitlab
Missing Authentication for Critical Function
2021-04-27 00:00:00
Missing Authentication for Critical Function
2021-04-27 00:00:00
Authentication Bypass by Spoofing
2021-04-27 00:00:00
cve
cve
CVE-2021-29442
2021-04-27 21:15:08
CVE-2021-29441
2021-04-27 21:15:07
nessus
nessus
Nacos < 1.4.1 Authentication Bypass (CVE-2021-29441)
2021-10-26 00:00:00
githubexploit
githubexploit
Exploit for Authentication Bypass by Spoofing in Alibaba Nacos
2022-03-15 08:53:59
thn
thn