CVE-2021-29442: Authentication bypass
First published: Tue Apr 27 2021(Updated: )
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nacos | <1.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID is CVE-2021-29442.
What is the severity of CVE-2021-29442?
The severity of CVE-2021-29442 is high with a CVSS score of 7.5.
What is Nacos?
Nacos is a platform designed for dynamic service discovery, configuration, and service management.
What version of Nacos is affected by CVE-2021-29442?
Nacos version up to and excluding 1.4.1 is affected by CVE-2021-29442.
How can the ConfigOpsController vulnerability be exploited?
The user can perform management operations like querying the database or wiping it out using the ConfigOpsController in Nacos before version 1.4.1.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/alibaba
- canonical/nacos