Apollo · Apollo-Adminservice · CVE-2020-15170
**Name of the Vulnerable Software and Affected Versions**
apollo-adminservice versions prior to 1.7.1
**Description**
The issue arises when apollo-adminservice is exposed to the internet. This is not recommended: the service is designed to run on an intranet and lacks built-in access controls. An attacker who can reach it could call apollo-adminservice APIs directly, potentially accessing or editing the application's configurations.
**Recommendations**
For versions prior to 1.7.1, the issue can be addressed without upgrading by following the advice not to expose apollo-adminservice to the internet.
For version 1.7.1 and later, no additional action is required, as access control for the admin service was added in this version.