Описание
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.
Ссылки
- Patch
- Issue TrackingPatch
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.0 (исключая)
cpe:2.3:a:apolloconfig:apollo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
apollo-portal has potential unauthorized access issue
EPSS
Процентиль: 27%
0.00098
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-Other