Moderate severityNVD Advisory· Published Sep 30, 2020· Updated Aug 4, 2024
CVE-2020-19676
CVE-2020-19676
Description
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.alibaba.nacos:nacos-commonMaven | < 1.2.0 | 1.2.0 |
Affected products
2- alibaba/Nacosdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-qf76-pr7x-h7r4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-19676ghsaADVISORY
- github.com/alibaba/nacos/issues/1105ghsaWEB
- github.com/alibaba/nacos/issues/2284ghsax_refsource_MISCWEB
- github.com/alibaba/nacos/releases/tag/1.2.0ghsaWEB
News mentions
0No linked articles in our index yet.