PT-2020-14243 · Apollo · Apollo-Adminservice

Lexu · Published 2020-09-10 · Updated 2021-11-18 · CVE-2020-15170

CVSS v3.1: 7.0 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: apollo-adminservice versions prior to 1.7.1

Description: The issue arises when apollo-adminservice is exposed to the internet, which is not recommended, as it is designed to work in an intranet and lacks built-in access controls. This could allow malicious hackers to access apollo-adminservice APIs directly, potentially accessing or editing the application's configurations.

Recommendations: For versions prior to 1.7.1, to fix the potential issue without upgrading, simply follow the advice to not expose apollo-adminservice to the internet. For version 1.7.1 and later, no additional actions are required, as access control for the admin service was added in this version.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-15170
GHSA-XPMX-H7XQ-XFFH

Affected Products

Apollo-Adminservice