5 matches found
CVE-2023-25570
Affected product; Apollo (configuration management). Prior to version 2.1.0, exposing apollo-configservice to the internet could allow attackers to access the built‑in eureka service due to lack of login authentication, enabling potential impersonation of apollo-configservice and apollo-adminserv...
CVE-2024-43397
CVE-2024-43397 affects Apollo’s synchronization configuration feature in the open-source Apollo configuration management system. The vulnerability allows an attacker to bypass permission checks via crafted requests, enabling modification of a namespace without the required rights. The root cause ...
CVE-2024-42662
CVE-2024-42662 affects apollocongif apollo version 2.2.0. The issue allows a remote attacker to obtain sensitive information via a crafted request, impacting confidentiality (per CVSS 3.1: High, Network, no user interaction). Concrete root cause, affected files, or patched versions are not detail...
CVE-2022-4962
Summary (CVE-2022-4962) : Several sources describe a vulnerability in Apollo 2.0.0/2.0.1 within the Configuration Center’s /users functionality, causing improper authorization. The issue is exploitable remotely and, per the documents, the exploit has been disclosed publicly. There is no publicly ...
CVE-2023-25569
CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...