{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-03T04:59:38.421","vulnerabilities":[{"cve":{"id":"CVE-2024-43397","sourceIdentifier":"security-advisories@github.com","published":"2024-08-20T15:15:23.673","lastModified":"2026-06-17T07:50:58.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed with an input parameter check which was released in version 2.3.0."},{"lang":"es","value":"Apollo es un sistema de gestión de configuración. Existe una vulnerabilidad en la función de configuración de sincronización que permite a los usuarios crear solicitudes específicas para eludir las comprobaciones de permisos. Este exploit les permite modificar un espacio de nombres sin los permisos necesarios. El problema se solucionó con una verificación de parámetros de entrada que se lanzó en la versión 2.3.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"apolloconfig","product":"apollo","versions":[{"version":"< 2.3.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-08-20T17:18:31.077423Z","id":"CVE-2024-43397","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apolloconfig:apollo:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"E006ED33-D024-4D31-BCE6-E2F8121739D6"}]}]}],"references":[{"url":"https://github.com/apolloconfig/apollo/commit/f55b419145bf9d4f2f51dd4cd45108229e8d97ed","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/apolloconfig/apollo/pull/5192","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/apolloconfig/apollo/releases/tag/v2.3.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/apolloconfig/apollo/security/advisories/GHSA-c6c3-h4f7-3962","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}