CVE-2020-10590
CVE-2020-10590 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Replicated | Replicated Classic | >= 2.10.0, <= 2.32.3 |
| Replicated | Replicated Classic | >= 2.33.0, <= 2.36.0 |
| Replicated | Replicated Classic | >= 2.37.0, <= 2.37.1 |
| Replicated | Replicated Classic | >= 2.38.0, <= 2.38.5 |
| Replicated | Replicated Classic | >= 2.39.0, <= 2.39.3 |
| Replicated | Replicated Classic | >= 2.40.0, <= 2.40.3 |
| Replicated | Replicated Classic | >= 2.42.0, <= 2.42.3 |
| Replicated | Replicated Classic | 2.41.0 |
References
- https://blog.replicated.com (Vendor Advisory)
- https://gradle.com/enterprise/releases/2019.5/#changes (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
