CVE-2023-25570
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
Design/Logic Flaw
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...
Authentication flaw
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
CVE-2023-25570 Apollo has potential access control security issue in eureka
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
CVE-2023-25570
Affected product: Apollo (configuration management). Prior to version 2.1.0, exposing apollo-configservice to the internet could allow attackers to access the built-in eureka service due to lack of login authentication, enabling potential impersonation of apollo-configservice and apollo-adminserv...
CVE-2023-25569 apollo-portal has potential CSRF issue
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...
CVE-2023-25569
CVE-2023-25569 (Apollo portal): Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...
Apollo access control error vulnerability
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload coursework. A security vulnerability exists in Apollo versions prior to 2.1.0 that stems from not enabling authentication for the built-in eureka service,...
PT-2023-20169 · Apollo · Apollo
Name of the Vulnerable Software and Affected Versions: Apollo versions prior to 2.1.0 Description: Apollo is a configuration management system. There are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no...
Apollo cross-site request forgery vulnerability
Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is designed to provide a web-based interface for students to upload coursework. A security vulnerability exists in Apollo versions prior to 2.1.0, where a low-privileged user can create a special web page, which an...
CVE-2022-27891
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected servic...
CVE-2022-27891 Palantir Gotham included an unauthenticated endpoint that listed all active usernames in the platform with an active session.
Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected servic...
PT-2023-12921 · Palantir · Palantir Gotham
Name of the Vulnerable Software and Affected Versions: Palantir Gotham versions prior to 103.30221005.0 Description: The issue concerns an unauthenticated endpoint in Palantir Gotham that lists all active usernames on the stack with an active session. The affected services have been patched and...
CVE-2015-10043
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The...
Path traversal
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The...
CVE-2015-10043
CVE-2015-10043 describes a path-traversal vulnerability in the abreen Apollo PHP scripts. The issue arises from manipulation of the file argument, affecting an unknown part of the codebase. A patch is available: 6206406630780bbd074aff34f4683fb764faba71, and applying it is recommended to fix the i...