Replicated Classic Information Disclosure Vulnerability in Admin Console API

Vulnerability

A vulnerability in Replicated Classic versions prior to 2.53.1 allows authenticated users with Admin Console access to read sensitive information through the Admin Console API on port 8800. The API unintentionally exposes application secrets because it returns container definitions that include environment variables. Depending on the application's configuration, these variables may contain passwords and other confidential data. The issue was identified during a security review on September 16, 2021, and patched in version 2.53.1.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive application data, including secrets and passwords, through the Admin Console API.

Remediation

Users can upgrade to Replicated Classic version 2.53.1 or later to address this vulnerability.
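For teams that expose container definitions through their own admin APIs, the same class of leak can be closed at the serialization boundary by withholding every environment value rather than guessing which names look secret. The sketch below is an added example, not Replicated's code or its patch; the key names in ENV_KEYS, the response shape and the sample data are assumptions, since the advisory does not describe the API schema.

```python
# Assumed key names for a container's environment; the advisory gives no schema.
ENV_KEYS = {"env", "Env", "environment"}
REDACTED = "[REDACTED]"

def _redact_env(env, found):
    """Blank every value in one env block, recording variable names in `found`."""
    if isinstance(env, dict):                       # {"NAME": "value"}
        found.extend(env)
        return {name: REDACTED for name in env}
    if not isinstance(env, list):                   # unexpected scalar: fail closed
        return None if env is None else REDACTED
    out = []
    for item in env:
        if isinstance(item, str):                   # "NAME=value"
            name = item.split("=", 1)[0]
            found.append(name)
            out.append(f"{name}={REDACTED}")
        elif isinstance(item, dict) and "name" in item:   # {"name": ..., "value": ...}
            if "value" in item:
                found.append(item["name"])
                item = {**item, "value": REDACTED}
            out.append(dict(item))                  # references without a value pass through
        else:                                       # unknown shape: fail closed
            out.append(REDACTED)
    return out

def redact_container_definitions(doc):
    """Return (redacted copy of doc, sorted names whose values were withheld)."""
    found = []
    def walk(node):
        if isinstance(node, dict):
            return {k: _redact_env(v, found) if k in ENV_KEYS else walk(v)
                    for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v) for v in node]
        return node
    return walk(doc), sorted(set(found))

# Constructed sample response; names and values are illustrative only.
SAMPLE = {"containers": [
    {"name": "db", "image": "postgres:13",
     "env": [{"name": "POSTGRES_PASSWORD", "value": "constructed-secret"},
             {"name": "PGDATA", "value": "/var/lib/pg"}]},
    {"name": "worker", "image": "example/worker:1.0",
     "Env": ["API_TOKEN=constructed-token", "LOG_LEVEL=info"]},
]}

if __name__ == "__main__":
    print(redact_container_definitions(SAMPLE))
```

The returned list of names can be logged so operators can see which variables were withheld without the values themselves being written anywhere.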

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.