Filtered by vendor Onepeloton Subscriptions
Filtered by product Peloton Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-40527 1 Onepeloton 1 Peloton 2024-11-21 8.6 High
Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.