← back
CVE-2021-43116

CVE-2021-43116

EPSS 5.5%
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/171638/Nacos-2.0.3-Access-Control.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51205unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171638/Nacos-2.0.3-Access-Control.htmlhttps://github.com/alibaba/nacos/issues/7127https://github.com/alibaba/nacos/issues/7182