Vulnerabilities (CVE)

Filtered by vendor Onepeloton Subscribe
Filtered by product Peloton
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40527 1 Onepeloton 1 Peloton 2024-11-21 5.0 MEDIUM 8.6 HIGH
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.