Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.ctrip.framework.apollo:apollo(Maven) | 0 | 2.3.0 | N/A |
CVSS Metrics
