Authentication Bypass by Primary Weakness

CVE-2024-49587

High

9.1/10

Summary

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

Advisory Timeline

Published Dec 19, 2025

Authentication Bypass by Primary Weakness

CVE-2024-49587

Summary

CWE-305 - Authentication Bypass by Primary Weakness

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS