CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42718 – Sensitive data unnecessarily returned from authenticated API
https://notcve.org/view.php?id=CVE-2021-42718
23 Jan 2025 — Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container definitions with environment variables through the Admin Console API on port 8800. This CVE was originally reserved in 2021 and later publicly disclosed by Replicated on their website on 21 October 2021. However, it mistakenly remained in the Reserved But Public (RBP) st... • https://www.replicated.com/cve-2021-42718 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43058
https://notcve.org/view.php?id=CVE-2021-43058
01 Nov 2021 — An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. Se presenta una vulnerabilidad de redireccionamiento abierto en Replicated Classic versiones anteriores a 2.53.1, que podría conllevar a una suplantación de identidad. Para explotar esta vulnerabilidad, un atacante podrí... • https://www.replicated.com/security/advisories/CVE-2021-43058 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •