PRP: Request alibaba nacos(<=1.4.0) 'NACOS-ISSUE #4593' CVE-2021-29441 User-Agent authentication bypass vulnerability #119

Closed
threedr3am opened this issue Oct 4, 2021 · 2 comments

threedr3am commented Oct 4, 2021

Hi,

I want to contribute to the tsunami scanner with a plugin to detect alibaba nacos(<=1.4.0) 'NACOS-ISSUE #4593' CVE-2021-29441 User-Agent authentication bypass vulnerability.

Vulnerability details:
alibaba/nacos#4593
In nacos versions less than or equal to 1.4.0, adding the `User-Agent: Nacos-Server` header when accessing an HTTP endpoint can bypass the authentication restriction and give access to any HTTP endpoint.
https://nvd.nist.gov/vuln/detail/CVE-2021-29441
alibaba/nacos#4701
alibaba/nacos#4703
GHSA-36hp-jr8h-556f

Type: CWE-306: Missing Authentication for Critical Function

- The vulnerability should have a HIGH or CRITICAL severity rating if there is already a CVE ID assigned (CVSS score >= 7.0): yes
- The vulnerability should be relatively new and have already been patched: yes
- The vulnerability should have a relatively large impact radius: yes
- The vulnerability should be remotely exploitable without authentication and user interaction: yes
- The detector should provide a reliable false-positive free detection report: yes
- The detector should have good unit test coverage. Google's open source projects should be thoroughly tested and there is no exception for the Tsunami project: yes
- The detection capability should be easy to verify using both vulnerable and fixed Docker images: yes
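
A defender-side check for the behaviour described above, as an added example that is not part of the original issue or the Tsunami project: it scans access-log lines for requests that present the `User-Agent: Nacos-Server` header from addresses outside the known cluster. The combined log format, the sample lines, the placeholder paths and the function name are assumptions.

```python
import ipaddress
import re

# Assumption: the access log uses the Apache/Tomcat "combined" layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
SERVER_UA = "Nacos-Server"  # header value named in the issue

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '10.0.0.11 - - [04/Oct/2021:10:00:01 +0000] "GET /nacos/v1/placeholder-a HTTP/1.1" 200 512 "-" "Nacos-Server"',
    '203.0.113.7 - - [04/Oct/2021:10:00:05 +0000] "GET /nacos/v1/placeholder-b HTTP/1.1" 200 2048 "-" "Nacos-Server"',
    '198.51.100.20 - - [04/Oct/2021:10:00:09 +0000] "GET /nacos/v1/placeholder-b HTTP/1.1" 403 64 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]


def find_spoofed_server_agent(lines, cluster_members):
    """Return log entries whose User-Agent claims to be a Nacos server
    but whose source address is not a known cluster member."""
    trusted = [ipaddress.ip_network(m, strict=False) for m in cluster_members]
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format; skip rather than guess
        # Prefix match (an assumption) so suffixed variants are caught too.
        if not m["ua"].startswith(SERVER_UA):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
            is_member = any(src in net for net in trusted)
        except ValueError:
            is_member = False  # hostname or junk: cannot be verified
        if is_member:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "request": m["request"],
            "status": status,
            "succeeded": 200 <= status < 300,  # served, not rejected
        })
    return hits


if __name__ == "__main__":
    for hit in find_spoofed_server_agent(SAMPLE_LOG, ["10.0.0.0/24"]):
        print(hit)
```

Entries with `succeeded` set are the ones to triage first, since the server answered the request instead of rejecting it.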

threedr3am added a commit to threedr3am/tsunami-security-scanner-plugins that referenced this issue Oct 4, 2021
threedr3am added a commit to threedr3am/tsunami-security-scanner-plugins that referenced this issue Oct 5, 2021
threedr3am added a commit to threedr3am/tsunami-security-scanner-plugins that referenced this issue Oct 5, 2021
@threedr3am threedr3am changed the title PRP: Request alibaba nacos(<=1.4.0) 'NACOS-ISSUE #4593' User-Agent authentication bypass vulnerability PRP: Request alibaba nacos(<=1.4.0) 'NACOS-ISSUE #4593' CVE-2021-29441 User-Agent authentication bypass vulnerability Oct 5, 2021
@threedr3am

  1. git clone https://github.com/threedr3am/nacos-docker.git
  2. build.sh
  3. run.sh
