CVE-2022-4962

Name of the Vulnerable Software and Affected Versions Apollo versions 2.0.0 through 2.0.1

Description A vulnerability was found in the Configuration Center component, affecting some unknown functionality of the file /users. This issue leads to improper authorization and can be exploited remotely. The exploit has been disclosed to the public. The existence of this vulnerability is still disputed. The maintainer notes that user data, such as user id, name, and email, are not considered sensitive.

Recommendations For Apollo versions 2.0.0 through 2.0.1, consider restricting access to the /users file in the Configuration Center component as a temporary workaround until further guidance is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.