Description
opened on Oct 4, 2021
Hi,
I want to contribute to the Tsunami scanner with a plugin to detect the Alibaba Nacos (1.4.1) 'NACOS-ISSUE #4701' authentication bypass vulnerability.
Vulnerability details:
alibaba/nacos#4701
When the Nacos version is 1.4.1, after Nacos opens the custom key-value authentication of serverIdentity, authentication restrictions can be bypassed through a special URL structure, giving access to any HTTP endpoint.
It can be seen from the issue that this vulnerability has been fixed, but there is no CVE number.
Type: CWE-306: Missing Authentication for Critical Function
The vulnerability should have a HIGH or CRITICAL severity rating if there is already a CVE ID assigned (CVSS score >= 7.0). yes
The vulnerability should be relatively new and have already been patched. yes
The vulnerability should have a relatively large impact radius. yes
The vulnerability should be remotely exploitable without authentication and user interaction. yes
The detector should provide a reliable false-positive free detection report. yes
The detector should have good unit test coverage. Google's open source projects should be thoroughly tested and there is no exception for the Tsunami project. yes
The detection capability should be easy to verify using both vulnerable and fixed Docker images. yes