1. Home
  2. Vulnerabilities
  3. CVE-2021-43116

CVE-2021-43116

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 6.5 (Medium)
65% Progress
EPSS 5.17 % (93th)
5.17% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.

Weaknesses
CWE-287
Improper Authentication
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-07-05 14:15:08
(2 years ago)
Updated Date
2023-04-03 20:15:07
(17 months ago)

Affected Products

Alibaba

Configuration #1

    CPE23 From Up To
  Alibaba Nacos 2.0.3 and prior versions cpe:2.3:a:alibaba:nacos <= 2.0.3