CVE-2024-49587

Name of the Vulnerable Software and Affected Versions Glutton V1 (affected versions not specified)

Description The Glutton V1 service had exposed endpoints on Gotham stacks without authentication. This allowed users without proper permissions to directly access the Glutton backend, potentially enabling them to read, update, or delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances. The issue grants full read/write capabilities to the backend.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.