Lucene search
K
ApolloconfigApollo

5 matches found

CVE
CVE
added 2023/02/20 3:22 p.m.104 views

CVE-2023-25570

Affected product; Apollo (configuration management). Prior to version 2.1.0, exposing apollo-configservice to the internet could allow attackers to access the built‑in eureka service due to lack of login authentication, enabling potential impersonation of apollo-configservice and apollo-adminserv...

7.5CVSS7.7AI score0.00823EPSS
CVE
CVE
added 2024/08/20 2:50 p.m.77 views

CVE-2024-43397

CVE-2024-43397 affects Apollo’s synchronization configuration feature in the open-source Apollo configuration management system. The vulnerability allows an attacker to bypass permission checks via crafted requests, enabling modification of a namespace without the required rights. The root cause ...

4.3CVSS4.3AI score0.00349EPSS
CVE
CVE
added 2024/08/20 12:0 a.m.71 views

CVE-2024-42662

CVE-2024-42662 affects apollocongif apollo version 2.2.0. The issue allows a remote attacker to obtain sensitive information via a crafted request, impacting confidentiality (per CVSS 3.1: High, Network, no user interaction). Concrete root cause, affected files, or patched versions are not detail...

7.5CVSS6AI score0.0053EPSS
CVE
CVE
added 2024/01/12 10:0 p.m.59 views

CVE-2022-4962

Summary (CVE-2022-4962) : Several sources describe a vulnerability in Apollo 2.0.0/2.0.1 within the Configuration Center’s /users functionality, causing improper authorization. The issue is exploitable remotely and, per the documents, the exploit has been disclosed publicly. There is no publicly ...

4.3CVSS4.6AI score0.00463EPSS
CVE
CVE
added 2023/02/20 3:12 p.m.58 views

CVE-2023-25569

CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

5.7CVSS5.5AI score0.00351EPSS