EUVD-2020-1441

Malware in sbrugna...

CVE-2023-25570

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

CVE-2023-25570 Apollo has potential access control security issue in eureka

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

Potential access control security issue in apollo-adminservice

Impact If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...

GHSA-XPMX-H7XQ-XFFH Potential access control security issue in apollo-adminservice

Impact If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...

CVE-2020-15170

apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...

Design/Logic Flaw

apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...

CVE-2020-15170

CVE-2020-15170 affects apollo-adminservice prior to version 1.7.1, which does not implement access controls. Several trusted sources indicate that exposing apollo-adminservice to the Internet can allow direct access to APIs, enabling reading/editing of application configurations. The root cause i...

Improper Input Validation

apollo-adminservice does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it does not have access control built-in. Malicious hackers may access...