High severity8.6NVD Advisory· Published Oct 25, 2021· Updated Jun 17, 2026
CVE-2021-40527
CVE-2021-40527
Description
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
Affected products
2- onepeloton/erlichdescription
- Range: <=1.7.22
Patches
Vulnerability mechanics
References
1- twitter.com/ROPsicle/status/1438216078103044107nvdThird Party Advisory
News mentions
0No linked articles in our index yet.