Lucene search
+L

6 matches found

NVD
NVD
added yesterday5 views

CVE-2025-32781

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2025-32781

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS6.1AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago5 views

Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center

Summary Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId. When configView.memberOnly.envs is enabled for the requested environment, a low-privileged Portal user can...

6.5CVSS6.1AI score
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/20 2:50 p.m.20 views

CVE-2024-43397 Potential unauthorized access issue in apollo-portal

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...

4.3CVSS6.6AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/08/20 2:50 p.m.37 views

CVE-2024-43397 Potential unauthorized access issue in apollo-portal

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...

4.3CVSS0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/02/20 3:12 p.m.50 views

CVE-2023-25569 apollo-portal has potential CSRF issue

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS5.7AI score0.00351EPSS
Exploits0References5
Rows per page
Query Builder