CVE-2021-29441: 
Java vulnerability analysis and mitigation

CVE-2021-29441 is an authentication bypass vulnerability in Alibaba Nacos discovered in April 2021. The vulnerability affects Nacos versions prior to 1.4.1 when authentication is enabled (nacos.core.auth.enabled=true). The issue stems from a backdoor in the AuthFilter servlet filter that was designed to enable Nacos servers to bypass authentication checks (GitHub Security Lab).

The vulnerability exists in the AuthFilter component where authentication can be bypassed through two methods. First, by using the 'Nacos-Server' user-agent header, and second, through a specially crafted URL structure ending with a trailing slash. The AuthFilter's logic fails to properly enforce authentication when these conditions are met, allowing unauthorized access to protected endpoints. The vulnerability was assigned a high severity rating with an EPSS score of 96.802%, indicating a high likelihood of exploitation (GitHub Advisory).

The vulnerability allows unauthorized users to perform administrative tasks on the Nacos server, including accessing any console or REST API endpoints. Attackers can add new users, access configuration data, and perform other privileged operations without proper authentication (GitHub Security Lab).

The vulnerability was patched in Nacos version 1.4.1. Organizations should upgrade to this version or later. For those unable to upgrade immediately, a temporary mitigation involves setting 'nacos.core.auth.enable.userAgentAuthWhite=false' in the application.properties file, though this alone may not fully prevent exploitation (GitHub Security Lab).