Identifier

CVE-2020-19676

Package Slug

maven/com.alibaba.nacos/nacos-api

Vulnerability

Information Exposure

Description

Nacos suffers from a flaw where users can access service details when unauthenticated. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in.

Affected Versions

Version 1.1.4

Solution

Upgrade to version 1.2.1 or above.

Last Modified

2020-10-12

source