THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-jxpj-9j24-w337 (medium) — Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center

[GHSA] GHSA-jxpj-9j24-w337 (medium) — Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center

highgithub_advisoriesPublished 2026-07-13

GHSA-jxpj-9j24-w337 Severity: medium CVE: CVE-2025-32781

Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center

### Summary

Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through `GET /envs/{env}/releases/{releaseId}`.

When `configView.memberOnly.envs` is enabled for t

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-jxpj-9j24-w337