Apollo
CVE-2024-43397
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.
AnalysisAI
Apollo is a configuration management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0. Affected products include: Apolloconfig Apollo. Version information: version 2.3.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. Rated critical severity (CVSS 10.0),
A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Rated medium severity (CVSS 4.3), this vu
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
Apollo is a configuration management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable,
apollo-adminservice before version 1.7.1 does not implement access controls. Rated high severity (CVSS 7.0), this vulner
Apollo is a configuration management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitabl
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today