← Back to CVE List

CVE-2023-25570

Published: 2023-02-20T16:15Z
Last Modified: 2024-11-21T07:49Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt