Vulnerability Details CVE-2021-40527
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.0%
CVSS Severity
CVSS v3 Score 8.6
CVSS v2 Score 5.0
References
Products affected by CVE-2021-40527
-
cpe:2.3:a:onepeloton:peloton:-
-
cpe:2.3:a:onepeloton:peloton:1.7.22