Lucene search
K

7 matches found

NVD
NVD
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday7 views

CVE-2026-59954 Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to configuration data when AccessKey or management key authentication is enabled because ConfigService can accept a...

7.5CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS6.1AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago13 views

Apollo ConfigService access key authentication bypass via appId parsing and non-canonical matching

Summary Apollo ConfigService may allow unauthorized access to configuration data when AccessKey / management key authentication is enabled and ConfigService accepts a non-canonical appId variant during authentication while downstream request handling resolves it to the protected app. Details...

7.5CVSS6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/22 9:58 p.m.35 views

Apollo has potential access control security issue in eureka

Impact If users expose the apollo-configservice to the internetwhich is not recommended, there are potential security issues since there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and...

7.5CVSS7.3AI score0.00823EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2023/02/20 3:22 p.m.65 views

CVE-2023-25570 Apollo has potential access control security issue in eureka

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

7.5CVSS7.9AI score0.00823EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/02/20 3:22 p.m.4 views

CVE-2023-25570

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

7.5CVSS7.8AI score0.00823EPSS
Exploits0References4
Rows per page
Query Builder