Vulnerability Details CVE-2021-43116
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.031
EPSS Ranking 86.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/171638/Nacos-2.0.3-Access-Control.html
- https://github.com/alibaba/nacos/issues/7127
- https://github.com/alibaba/nacos/issues/7182
- http://packetstormsecurity.com/files/171638/Nacos-2.0.3-Access-Control.html
- https://github.com/alibaba/nacos/issues/7127
- https://github.com/alibaba/nacos/issues/7182
Products affected by CVE-2021-43116
-
cpe:2.3:a:alibaba:nacos:0.1.0
-
cpe:2.3:a:alibaba:nacos:0.2.0
-
cpe:2.3:a:alibaba:nacos:0.2.1
-
cpe:2.3:a:alibaba:nacos:0.3.0
-
cpe:2.3:a:alibaba:nacos:0.4.0
-
cpe:2.3:a:alibaba:nacos:0.5.0
-
cpe:2.3:a:alibaba:nacos:0.6.0
-
cpe:2.3:a:alibaba:nacos:0.6.1
-
cpe:2.3:a:alibaba:nacos:0.7.0
-
cpe:2.3:a:alibaba:nacos:0.8.0
-
cpe:2.3:a:alibaba:nacos:0.9.0
-
cpe:2.3:a:alibaba:nacos:1.0.0
-
cpe:2.3:a:alibaba:nacos:1.0.1
-
cpe:2.3:a:alibaba:nacos:1.1.0
-
cpe:2.3:a:alibaba:nacos:1.1.1
-
cpe:2.3:a:alibaba:nacos:1.1.3
-
cpe:2.3:a:alibaba:nacos:1.1.4
-
cpe:2.3:a:alibaba:nacos:1.2.0
-
cpe:2.3:a:alibaba:nacos:1.2.1
-
cpe:2.3:a:alibaba:nacos:1.3.0
-
cpe:2.3:a:alibaba:nacos:1.3.1
-
cpe:2.3:a:alibaba:nacos:1.3.2
-
cpe:2.3:a:alibaba:nacos:1.4.0
-
cpe:2.3:a:alibaba:nacos:1.4.1
-
cpe:2.3:a:alibaba:nacos:1.4.2
-
cpe:2.3:a:alibaba:nacos:1.4.3
-
cpe:2.3:a:alibaba:nacos:2.0.0
-
cpe:2.3:a:alibaba:nacos:2.0.1
-
cpe:2.3:a:alibaba:nacos:2.0.2
-
cpe:2.3:a:alibaba:nacos:2.0.3