CVE-2021-29442

HIGH EXPLOITED NUCLEI

Alibaba Nacos < 1.4.1 - Missing Authentication

Title source: rule

Description

Nacos is a platform designed for dynamic service discovery, configuration, and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations such as querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be accessed by unauthenticated users. These endpoints are only valid when using embedded storage (Derby DB), so this issue should not affect installations using external storage (e.g. MySQL).

Exploits (4)

nomisec SUSPICIOUS 3 stars
by VictorShem · poc
https://github.com/VictorShem/QVD-2024-26473

nomisec WORKING POC
by nanaao · remote
https://github.com/nanaao/cve-2021-29442-Nacos-Derby-rce-exp

Nuclei Templates (1)

Nacos <1.4.1 - Authentication Bypass
HIGH by dwisiswant0

Scores

CVSS v3 8.6
EPSS 0.9276
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-19
CWE
CWE-306
Status published
Products (2)
alibaba/nacos < 1.4.1
com.alibaba.nacos/nacos-common 0 - 1.4.1 Maven
Published Apr 27, 2021
Tracked Since Feb 18, 2026