New! Check out our Compatibility Matrix to test across 60,000+ combinations of distributions, k8s versions, and configurations.

CVE-2021-43058

Replicated Classic CVE-2021-43058

Summary

URL redirection to untrusted site (“Open Redirect”).

Advisory Release Date

28 Oct 2020 11 AM PDT (Pacific Time, -7 hours)

Product

Replicated Classic

Affected Replicated Classic Versions

2.53.1

Patched Replicated Classic Versions

2.53.1 – (all later versions)

CVE ID(s)

CVE-2021-43058

Summary of Vulnerability

This advisory discloses a low severity security vulnerability in the versions of Replicated Classic listed above (“Affected Replicated Classic Versions”)

Description

An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.

Timeline

This issue was discovered during a security review on 16 September 2021.
Patched versions were released on 23 September 2021.
This advisory was embargoed until 28 Oct 2021.

Acknowledgements

Credit for finding and disclosing this vulnerability goes to Stephan Sekula.

Company

About UsBlogCareersPress RoomSecurity

Projects

EnterpriseReadyGitHubModern On-PremSlackerNewsK8s Compatibility Testing

Developers

DocumentationAPI ReferenceCLI ReferenceCommunitySupport

Find Us On

Subscribe to our newsletter

The latest news, articles, and resources, sent to your inbox.

I agree to receive communications from Replicated. View our Privacy Policy.

This site uses reCAPTCHA to fight spam. The Google Privacy Policy and Terms of Service apply.

Thank you! You've been added to our monthly newsletter.
Oops! Something went wrong while submitting the form.

© 2024, Replicated, Inc. All Rights Reserved.

TermsPrivacySecuritycontact@replicated.com(323) 621-3034