CVE-2023-25570

Name of the Vulnerable Software and Affected Versions Apollo versions prior to 2.1.0

Description Apollo is a configuration management system. There are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0.

Recommendations For versions prior to 2.1.0, update to version 2.1.0 or later to enable login authentication for the eureka service. As a temporary workaround, avoid exposing apollo-configservice to the internet to prevent potential security issues.