CVE-2023-25570: 
Java vulnerability analysis and mitigation

CVE-2023-25570 is a security vulnerability in Apollo Configuration Management System affecting versions prior to 2.1.0. The vulnerability stems from improper authorization in the Eureka Service Discovery component, where the service registry runs without authentication checks in the default configuration (GitHub Advisory).

The vulnerability exists in the default configuration where the Service Registry (Eureka) runs on the same tomcat instance without any authorization checks. When a new Config instance starts, it sends an unauthenticated lease request to Eureka. Eureka does not verify the legitimacy of new Client applications and simply adds them to the list. This means token authentication on the Config and Admin components can be bypassed as Eureka does not authenticate service registration requests (GitHub Lab).

If apollo-configservice is exposed to the internet (which is not recommended), malicious actors could potentially access Eureka directly to mock apollo-configservice and apollo-adminservice. Additionally, if a malicious actor has network access to the Tomcat instance where Config or Admin services are running but does not know a token, they can leak the token by interacting with the Eureka API (GitHub Advisory, GitHub Lab).

The vulnerability was patched in Apollo version 2.1.0 by adding login authentication for Eureka. For users unable to upgrade, the recommended workaround is to not expose apollo-configservice to the internet. For those upgrading to version 2.1.0, the fix includes enabling login authentication for Eureka through configuration options apollo.eureka.server.security.enabled, apollo.eureka.server.security.username, and apollo.eureka.server.security.password (GitHub Advisory).