Vulnerability Description
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Replicated | Replicated Classic | >= 2.10.0, <= 2.32.3 |
References
- https://blog.replicated.comVendor Advisory
- https://gradle.com/enterprise/releases/2019.5/#changesThird Party Advisory
- https://www.replicated.com/security/advisories/CVE-2020-10590Vendor Advisory
- https://blog.replicated.comVendor Advisory
- https://gradle.com/enterprise/releases/2019.5/#changesThird Party Advisory
- https://www.replicated.com/security/advisories/CVE-2020-10590Vendor Advisory
FAQ
What is CVE-2020-10590?
CVE-2020-10590 is a vulnerability with a CVSS score of 7.5 (HIGH). Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8...
How severe is CVE-2020-10590?
CVE-2020-10590 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10590?
Check the references section above for vendor advisories and patch information. Affected products include: Replicated Replicated Classic.