PT-2025-1359 · Unknown · Replicated Classic

Stephan Sekula · Published 2025-01-23 · Updated 2025-01-24 · CVE-2021-42718

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Replicated Classic versions prior to 2.53.1

Description

The issue allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, by accessing container definitions with environment variables through the Admin Console API on port 8800. This data is shared over authenticated sessions to the Admin Console only, and was never displayed or used in the application processing. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations

To resolve the issue, update to version 2.53.1 or later. As a temporary workaround, consider restricting access to the Admin Console API on port 8800 to minimize the risk of exploitation. Avoid using environment variables that may contain sensitive data in container definitions until the issue is resolved.
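One way to act on the last recommendation is to audit which environment variables in container definitions look like secrets. The following is an added example, not code from Replicated or from this advisory. It assumes the definitions are available as `docker inspect`-style JSON; the function name, the name patterns and the sample data are constructed for illustration.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` output: a JSON array of
# container objects whose Config.Env is a list of "KEY=VALUE" strings.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/app-web", "Config": {"Env": [
        "PORT=8080",
        "DB_PASSWORD=example-not-a-real-secret",
        "LOG_LEVEL=info",
    ]}},
    {"Name": "/app-worker", "Config": {"Env": [
        "AWS_SECRET_ACCESS_KEY=EXAMPLEKEYEXAMPLEKEYEXAMPLEKEY00",
        "QUEUE_URL=amqp://svc:example-pass@queue:5672/",
        "EMPTY_TOKEN=",
    ]}},
    {"Name": "/app-cache", "Config": {"Env": None}},
])

# Heuristic (an assumption, tune per application): names that usually carry credentials.
SECRET_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# Credentials embedded in a URL value, e.g. scheme://user:pass@host
URL_CREDS = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)

def audit_env(inspect_json):
    """Return (container, variable, reason) for each env var that looks like a secret."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "<unnamed>").lstrip("/")
        env = (container.get("Config") or {}).get("Env") or []
        for entry in env:
            key, sep, value = entry.partition("=")
            if not sep or not value:
                continue  # unset or empty variable: nothing to expose
            if SECRET_NAME.search(key):
                findings.append((name, key, "secret-like name"))
            elif URL_CREDS.match(value):
                findings.append((name, key, "credentials in URL"))
    return findings

if __name__ == "__main__":
    # Only names are reported, never values, so the output is safe to share.
    for container, key, reason in audit_env(SAMPLE_INSPECT):
        print(f"{container}: {key} ({reason})")
```

Each variable the audit reports is a candidate to move out of the container definition or to rotate after upgrading.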

Fix

Insecure Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2021-42718

Affected Products

Replicated Classic