CVE-2024-42662
- EPSS 0.22%
- Published 20.08.2024 15:15:23
- Last modified 14.03.2025 15:15:42
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
CVE-2024-43397
- EPSS 0.1%
- Published 20.08.2024 15:15:23
- Last modified 26.08.2024 18:28:42
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the nec...
CVE-2022-4962
- EPSS 0.06%
- Published 12.01.2024 22:15:44
- Last modified 21.11.2024 07:36:20
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack...
CVE-2023-25569
- EPSS 0.06%
- Published 20.02.2023 16:15:10
- Last modified 21.11.2024 07:49:44
Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user withou...
CVE-2023-25570
- EPSS 0.08%
- Published 20.02.2023 16:15:10
- Last modified 21.11.2024 07:49:45
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for th...