CVE-2020-10590
Description
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Replicated Classic 2.x exposes TLS keypair via an unauthenticated API on port 8800, allowing network attackers to compromise encrypted communications.
Vulnerability
Replicated Classic 2.x [2] contains an improperly secured API that exposes sensitive data from the Admin Console configuration. An attacker with network access to the Admin Console port (8800) can retrieve the TLS keypair (certificate and private key) used to configure the Admin Console. The vulnerability affects all versions in the 2.x line.
Exploitation
No authentication is required. The attacker only needs network connectivity to the Replicated Classic server on TCP port 8800. By sending a crafted request to the vulnerable API endpoint, the attacker can obtain the TLS keypair without any user interaction or special privileges.
Impact
Successful exploitation allows the attacker to obtain the TLS private key and certificate. This compromises the confidentiality and integrity of encrypted communications to the Admin Console, enabling man-in-the-middle attacks, decryption of past and future traffic, and potential impersonation of the Admin Console.
Mitigation
No official fix has been disclosed in the available references. As a workaround, restrict network access to port 8800 to trusted hosts only. If a newer version of Replicated Classic is available, upgrading is recommended. Users should monitor the vendor's blog [2] for updates.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Replicated/Replicated Classicdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- blog.replicated.commitrex_refsource_MISC
- gradle.com/enterprise/releases/2019.5/mitrex_refsource_CONFIRM
- www.replicated.com/security/advisories/CVE-2020-10590mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.