Lucene search

[email protected]CVE-2020-29575

HistoryDec 08, 2020 - 4:15 p.m.

CVE-2020-29575

2020-12-0816:15:11

[email protected]

web.nvd.nist.gov

cve-2020-29575

elixir

docker

image

security vulnerability

root access

blank password

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

Affected configurations

NVD

Node

dockerelixir_alpine_docker_imageRange<1.8.0

CPENameOperatorVersion
docker:elixir_alpine_docker_imagedocker elixir alpine docker imagelt1.8.0

CPE	Name	Operator	Version
docker:elixir_alpine_docker_image	docker elixir alpine docker image	lt	1.8.0

References

github.com/koharin/koharin2/blob/main/CVE-2020-29575

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

Related for CVE-2020-29575

cvelist1 nvd1 prion1 openvas2