Vulnerabilities > CVE-2020-10590 - Unspecified vulnerability in Replicated Classic 2.41.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

replicated

NVD

Published: 2021-07-30

Updated: 2022-06-28

Summary

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Vulnerable Configurations

Part	Description	Count
Application	Replicated Replicated Replicated Classic * Replicated Replicated Classic 2.41.0	2

References

https://gradle.com/enterprise/releases/2019.5/#changes
https://www.replicated.com/security/advisories/CVE-2020-10590
https://blog.replicated.com