Lucene search
GoogleOSV:CVE-2020-15170HistorySep 10, 2020 - 7:15 p.m.
CVE-2020-15170
2020-09-1019:15:13
Google
osv.dev
4
cve-2020-15170
access controls
internet exposure
security issue
configuration access
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn’t have access control built-in. Malicious hackers may access apollo-adminservice apis directly to access/edit the application’s configurations. To fix the potential issue without upgrading, simply follow the advice that do not expose apollo-adminservice to internet.
Related
cvelist
cvelist
CVE-2020-15170 Missing access control in apollo-adminservice
2020-09-10 18:40:14
gitlab
gitlab
Improper Input Validation
2020-09-10 00:00:00
osv
osv
Potential access control security issue in apollo-adminservice
2020-10-02 16:33:41
veracode
veracode
Exposed API
2020-10-05 04:13:32
nvd
nvd
CVE-2020-15170
2020-09-10 19:15:13
github
github
Potential access control security issue in apollo-adminservice
2020-10-02 16:33:41
prion
prion
Design/Logic Flaw
2020-09-10 19:15:00
cve
cve
CVE-2020-15170
2020-09-10 19:15:13