Search criteria
6 vulnerabilities found for replicated_classic by replicated
FKIE_CVE-2021-43058
Vulnerability from fkie_nvd - Published: 2021-11-01 22:15 - Updated: 2024-11-21 06:28
Severity ?
Summary
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| replicated | replicated_classic | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92062BD6-1968-4108-8383-F6DF3FE0B369",
"versionEndExcluding": "2.53.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de redireccionamiento abierto en Replicated Classic versiones anteriores a 2.53.1, que podr\u00eda conllevar a una suplantaci\u00f3n de identidad. Para explotar esta vulnerabilidad, un atacante podr\u00eda enviar un enlace con una URL especialmente dise\u00f1ada y convencer al usuario de que haga clic en el enlace, redirigiendo al usuario a un sitio no confiable"
}
],
"id": "CVE-2021-43058",
"lastModified": "2024-11-21T06:28:37.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-01T22:15:08.173",
"references": [
{
"source": "security@replicated.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
],
"sourceIdentifier": "security@replicated.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-10590
Vulnerability from fkie_nvd - Published: 2021-07-30 14:15 - Updated: 2024-11-21 04:55
Severity ?
Summary
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://blog.replicated.com | Vendor Advisory | |
| cve@mitre.org | https://gradle.com/enterprise/releases/2019.5/#changes | Third Party Advisory | |
| cve@mitre.org | https://www.replicated.com/security/advisories/CVE-2020-10590 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.replicated.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gradle.com/enterprise/releases/2019.5/#changes | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.replicated.com/security/advisories/CVE-2020-10590 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | * | |
| replicated | replicated_classic | 2.41.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A13F1249-8DFC-4CCB-8E39-5237958CA278",
"versionEndIncluding": "2.32.3",
"versionStartIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD962E0-AD59-45C2-9AA2-825CD1589522",
"versionEndIncluding": "2.36.0",
"versionStartIncluding": "2.33.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10023122-0F02-4D4A-B413-5227EE939BB7",
"versionEndIncluding": "2.37.1",
"versionStartIncluding": "2.37.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC23B4-835F-4ACC-91E2-76752F14E7A3",
"versionEndIncluding": "2.38.5",
"versionStartIncluding": "2.38.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10D63E7B-B00E-4F2B-AF6D-DAA6EAC614F9",
"versionEndIncluding": "2.39.3",
"versionStartIncluding": "2.39.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC5AF21-62BD-4883-8941-7690D7EEF64F",
"versionEndIncluding": "2.40.3",
"versionStartIncluding": "2.40.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "304928C9-4462-43C1-99E3-7C01101E4DAB",
"versionEndIncluding": "2.42.3",
"versionStartIncluding": "2.42.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:replicated:replicated_classic:2.41.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0350B1B8-C397-4CE1-B9E7-73D93B80DA6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
},
{
"lang": "es",
"value": "Replicated Classic versiones 2.x, presentan una API asegurada inapropiadamente que expone datos confidenciales de la configuraci\u00f3n de la Consola de Administraci\u00f3n Replicada. Un atacante con acceso de red al puerto de la Consola de Administraci\u00f3n (8800) en el servidor de Replicated Classic podr\u00eda recuperar el par de claves TLS (Cert y Key) usado para configurar la Consola de Administraci\u00f3n"
}
],
"id": "CVE-2020-10590",
"lastModified": "2024-11-21T04:55:39.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-30T14:15:12.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.replicated.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.replicated.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-43058 (GCVE-0-2021-43058)
Vulnerability from cvelistv5 – Published: 2021-11-01 21:03 – Updated: 2024-08-04 03:47
VLAI?
Summary
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.
Severity ?
No CVSS data available.
CWE
- URL redirection to untrusted site (“Open Redirect”).
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | REPLICATED CLASSIC |
Affected:
All versions prior to 2.53.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "REPLICATED CLASSIC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.53.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection to untrusted site (\u201cOpen Redirect\u201d).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T21:03:18",
"orgId": "7d06583b-61c8-4499-8067-80a92a3b48e1",
"shortName": "Replicated"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@replicated.com",
"ID": "CVE-2021-43058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "REPLICATED CLASSIC",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.53.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection to untrusted site (\u201cOpen Redirect\u201d)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.replicated.com/security/advisories/CVE-2021-43058",
"refsource": "MISC",
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d06583b-61c8-4499-8067-80a92a3b48e1",
"assignerShortName": "Replicated",
"cveId": "CVE-2021-43058",
"datePublished": "2021-11-01T21:03:18",
"dateReserved": "2021-10-28T00:00:00",
"dateUpdated": "2024-08-04T03:47:13.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10590 (GCVE-0-2020-10590)
Vulnerability from cvelistv5 – Published: 2021-07-28 11:38 – Updated: 2024-08-04 11:06
VLAI?
Summary
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.replicated.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T11:38:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.replicated.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.replicated.com",
"refsource": "MISC",
"url": "https://blog.replicated.com"
},
{
"name": "https://gradle.com/enterprise/releases/2019.5/#changes",
"refsource": "CONFIRM",
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"name": "https://www.replicated.com/security/advisories/CVE-2020-10590",
"refsource": "MISC",
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10590",
"datePublished": "2021-07-28T11:38:46",
"dateReserved": "2020-03-15T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43058 (GCVE-0-2021-43058)
Vulnerability from nvd – Published: 2021-11-01 21:03 – Updated: 2024-08-04 03:47
VLAI?
Summary
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.
Severity ?
No CVSS data available.
CWE
- URL redirection to untrusted site (“Open Redirect”).
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | REPLICATED CLASSIC |
Affected:
All versions prior to 2.53.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "REPLICATED CLASSIC",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.53.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "URL redirection to untrusted site (\u201cOpen Redirect\u201d).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T21:03:18",
"orgId": "7d06583b-61c8-4499-8067-80a92a3b48e1",
"shortName": "Replicated"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@replicated.com",
"ID": "CVE-2021-43058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "REPLICATED CLASSIC",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.53.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "URL redirection to untrusted site (\u201cOpen Redirect\u201d)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.replicated.com/security/advisories/CVE-2021-43058",
"refsource": "MISC",
"url": "https://www.replicated.com/security/advisories/CVE-2021-43058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d06583b-61c8-4499-8067-80a92a3b48e1",
"assignerShortName": "Replicated",
"cveId": "CVE-2021-43058",
"datePublished": "2021-11-01T21:03:18",
"dateReserved": "2021-10-28T00:00:00",
"dateUpdated": "2024-08-04T03:47:13.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10590 (GCVE-0-2020-10590)
Vulnerability from nvd – Published: 2021-07-28 11:38 – Updated: 2024-08-04 11:06
VLAI?
Summary
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.replicated.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-28T11:38:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.replicated.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.replicated.com",
"refsource": "MISC",
"url": "https://blog.replicated.com"
},
{
"name": "https://gradle.com/enterprise/releases/2019.5/#changes",
"refsource": "CONFIRM",
"url": "https://gradle.com/enterprise/releases/2019.5/#changes"
},
{
"name": "https://www.replicated.com/security/advisories/CVE-2020-10590",
"refsource": "MISC",
"url": "https://www.replicated.com/security/advisories/CVE-2020-10590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10590",
"datePublished": "2021-07-28T11:38:46",
"dateReserved": "2020-03-15T00:00:00",
"dateUpdated": "2024-08-04T11:06:10.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}