Описание
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.10.0 (включая) до 2.32.3 (включая)Версия от 2.33.0 (включая) до 2.36.0 (включая)Версия от 2.37.0 (включая) до 2.37.1 (включая)Версия от 2.38.0 (включая) до 2.38.5 (включая)Версия от 2.39.0 (включая) до 2.39.3 (включая)Версия от 2.40.0 (включая) до 2.40.3 (включая)Версия от 2.42.0 (включая) до 2.42.3 (включая)
Одно из
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:*:*:*:*:*:*:*:*
cpe:2.3:a:replicated:replicated_classic:2.41.0:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00348
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
EPSS
Процентиль: 57%
0.00348
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo