Apollo has potential access control security issue in eureka
CVE-2023-25570
7.5HIGH
What is CVE-2023-25570?
Apollo, a popular configuration management system, presents security vulnerabilities if users expose the apollo-configservice to the public internet. Prior to version 2.1.0, the integrated eureka service lacks authentication, allowing potential attackers to access it directly. This could lead to unauthorized manipulation of the apollo-configservice and apollo-adminservice. Version 2.1.0 introduces a login authentication feature for eureka to mitigate this risk. To enhance security, it is advisable to avoid internet exposure of the configuration service until the latest version is implemented.
Affected Version(s)
apollo < 2.1.0
