← Volver a CVEs

CVE-2020-10590

HIGH

7.5

Descripcion

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Detalles CVE

Puntuacion CVSS v3.17.5

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado7/30/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

replicated:replicated_classic

Referencias

https://blog.replicated.com(cve@mitre.org)

https://gradle.com/enterprise/releases/2019.5/#changes(cve@mitre.org)

https://www.replicated.com/security/advisories/CVE-2020-10590(cve@mitre.org)

https://blog.replicated.com(af854a3a-2127-422b-91ae-364da2661108)

https://gradle.com/enterprise/releases/2019.5/#changes(af854a3a-2127-422b-91ae-364da2661108)

https://www.replicated.com/security/advisories/CVE-2020-10590(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.