3 matches found
CVE-2023-25570
Affected product; Apollo (configuration management). Prior to version 2.1.0, exposing apollo-configservice to the internet could allow attackers to access the built‑in eureka service due to lack of login authentication, enabling potential impersonation of apollo-configservice and apollo-adminserv...
CVE-2024-43397
CVE-2024-43397 affects Apollo’s synchronization configuration feature in the open-source Apollo configuration management system. The vulnerability allows an attacker to bypass permission checks via crafted requests, enabling modification of a namespace without the required rights. The root cause ...
CVE-2023-25569
CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...