THREAT OPS › Threat News › [GHSA] GHSA-jxpj-9j24-w337 (medium) — Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center
[GHSA] GHSA-jxpj-9j24-w337 (medium) — Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center
GHSA-jxpj-9j24-w337 Severity: medium CVE: CVE-2025-32781
Apollo Portal: There is a risk of unauthorized access to the Apollo configuration center
### Summary
Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through `GET /envs/{env}/releases/{releaseId}`.
When `configView.memberOnly.envs` is enabled for t
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- 362735ded4f13b62f6ab9df135d7096066e8e291sha1
- CVE-2025-32781cve
Original source: https://github.com/advisories/GHSA-jxpj-9j24-w337