CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10590

HIGH
7.5
CVSS Severity Score
EPSS Score0.1070%
EPSS Percentile1.75th
PublishedJul 30, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Affected Platforms (CPE)

πŸ“¦
Replicated

Replicated Classic

>= 2.10.0 and <= 2.32.3
πŸ“¦
Replicated

Replicated Classic

>= 2.33.0 and <= 2.36.0
πŸ“¦
Replicated

Replicated Classic

>= 2.37.0 and <= 2.37.1
πŸ“¦
Replicated

Replicated Classic

>= 2.38.0 and <= 2.38.5
πŸ“¦
Replicated

Replicated Classic

>= 2.39.0 and <= 2.39.3
πŸ“¦
Replicated

Replicated Classic

>= 2.40.0 and <= 2.40.3
πŸ“¦
Replicated

Replicated Classic

>= 2.42.0 and <= 2.42.3
πŸ“¦
Replicated

Replicated Classic

= 2.41.0

References & Advisories

πŸ”— https://blog.replicated.com
πŸ”— https://gradle.com/enterprise/releases/2019.5/#changes
πŸ”— https://www.replicated.com/security/advisories/CVE-2020-10590
πŸ”— https://blog.replicated.com
πŸ”— https://gradle.com/enterprise/releases/2019.5/#changes
πŸ”— https://www.replicated.com/security/advisories/CVE-2020-10590

Related Vulnerabilities

CVE-2021-430586.1

An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this ...

CVE-2021-427184.9

Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated user...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...