Security Advisory

CVE-2023-25569

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-20 15:12:35

Last updated 2025-03-10 21:08:07

Assigner GitHub_M

State PUBLISHED

Description

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.

← Browse all CVEs View on cve.org ↗