CVE Vulnerabilities

CVE-2020-10590

Published: Jul 30, 2021 | Modified: Jun 28, 2022
CVSS 3.x: 7.5 HIGH
Source: NVD
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x: 5 MEDIUM
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Affected Software

Name                Vendor      Start Version        End Version
Replicated_classic  Replicated  2.10.0 (including)   2.32.3 (including)
Replicated_classic  Replicated  2.33.0 (including)   2.36.0 (including)
Replicated_classic  Replicated  2.37.0 (including)   2.37.1 (including)
Replicated_classic  Replicated  2.38.0 (including)   2.38.5 (including)
Replicated_classic  Replicated  2.39.0 (including)   2.39.3 (including)
Replicated_classic  Replicated  2.40.0 (including)   2.40.3 (including)
Replicated_classic  Replicated  2.42.0 (including)   2.42.3 (including)
Replicated_classic  Replicated  2.41.0 (including)   2.41.0 (including)

References