CVE-2020-10591

Name of the Vulnerable Software and Affected Versions Walmart Labs Concord versions prior to 1.44.0

Description An issue allows remote attackers to discover host information, nodes, API metadata, and references to usernames via the "api/v1/apikey" endpoint. This is due to CORS Access-Control-Allow-Origin headers having a potentially unsafe dependency on Origin headers and not being configurable.

Recommendations For versions prior to 1.44.0, update to version 1.44.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/v1/apikey" endpoint to minimize the risk of exploitation.