CVE-2021-29441

Description

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-29441
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2021-29441
CVSS Score: 8.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-29441

Refrence: Project Discovery GitHub

hh-hunter

Refrence: GitHub

bysinks

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept