CVE-2021-29441

Authentication bypass

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

Nacos es una plataforma diseñada para el descubrimiento y la configuración dinámica de servicios y la gestión de servicios. En Nacos versiones anteriores a 1.4.1, cuando se configura para usar autenticación (-Dnacos.core.auth.enabled=true), Nacos usa el filtro de servlet AuthFilter para hacer cumplir la autenticación. Este filtro presenta una backdoor que permite a servidores de Nacos omitir este filtro y, por lo tanto, omitir las comprobaciones de autenticación. Este mecanismo es basado en el encabezado HTTP del agente de usuario para que pueda falsificarse fácilmente. Este problema puede permitir a cualquier usuario llevar a cabo cualquier tarea administrativa en el servidor de Nacos

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-03-30 CVE Reserved
2021-04-27 CVE Published
2022-03-15 First Exploit
2024-08-03 CVE Updated
2024-11-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-290: Authentication Bypass by Spoofing

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://github.com/bysinks/CVE-2021-29441	2022-03-15
https://github.com/advisories/GHSA-36hp-jr8h-556f	2024-08-03
https://github.com/alibaba/nacos/issues/4701	2024-08-03

URL	Date	SRC
https://github.com/alibaba/nacos/pull/4703	2021-05-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Alibaba Search vendor "Alibaba"		Nacos Search vendor "Alibaba" for product "Nacos"				< 1.4.1 Search vendor "Alibaba" for product "Nacos" and version " < 1.4.1"		-		Affected