← Zuruck zu CVEs

CVE-2020-10590

HIGH

7.5

Beschreibung

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/30/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

replicated:replicated_classic

Referenzen

https://blog.replicated.com(cve@mitre.org)

https://gradle.com/enterprise/releases/2019.5/#changes(cve@mitre.org)

https://www.replicated.com/security/advisories/CVE-2020-10590(cve@mitre.org)

https://blog.replicated.com(af854a3a-2127-422b-91ae-364da2661108)

https://gradle.com/enterprise/releases/2019.5/#changes(af854a3a-2127-422b-91ae-364da2661108)

https://www.replicated.com/security/advisories/CVE-2020-10590(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.