CVE-2020-15170

apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not recommended), there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Malicious hackers may access apollo-adminservice apis directly to access/edit the application's configurations. To fix the potential issue without upgrading, simply follow the advice that do not expose apollo-adminservice to internet.
Configurations

Configuration 1

cpe:2.3:a:ctrip:apollo:*:*:*:*:*:*:*:*

Information

Published : 2020-09-10 07:15

Updated : 2021-11-18 05:49


NVD link : CVE-2020-15170

Mitre link : CVE-2020-15170

Products Affected
No products.