apolloconfig 漏洞与 CVE 列表(5)

产品(CPE): — CVE 数: 5

apolloconfig 漏洞概览

汇总 apolloconfig 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

常见弱点模式包括 CSRF与路径处理缺陷,在 软件部署与生产负载 使用场景中可能带来 文件覆盖 等风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 155 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2024-43397 Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0. [email protected] 4.3 0.35% 2024-08-20 2026-06-17
CVE-2024-42662 An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request. [email protected] 7.5 0.53% 2024-08-20 2026-06-17
CVE-2022-4962 A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explai [email protected] 4.3 0.46% 2024-01-12 2026-06-17
CVE-2023-25570 Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the inte [email protected] 7.5 0.82% 2023-02-20 2026-06-17
CVE-2023-25569 Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages. [email protected] 5.7 0.35% 2023-02-20 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence