CVE-2020-29591

2020-12-1115:15:12

Google

osv.dev

7.3 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

81.1%

JSON

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.

CPENameOperatorVersion
distributioneqdocs-v2.4.1-2016-06-28
distributioneq2.0.0-rc.3
distributioneq2.0.0-alpha.0
distributioneq2.0.0-alpha.3
distributioneq2.1.0-rc.0
distributioneq2.3.0-alpha
distributioneq2.0.0-rc.2
distributioneq2.2.0
distributioneq2.5.0-rc.1
distributioneq2.1.0

Name	Operator	Version
distribution	eq	docs-v2.4.1-2016-06-28
distribution	eq	2.0.0-rc.3
distribution	eq	2.0.0-alpha.0
distribution	eq	2.0.0-alpha.3
distribution	eq	2.1.0-rc.0
distribution	eq	2.3.0-alpha
distribution	eq	2.0.0-rc.2
distribution	eq	2.2.0
distribution	eq	2.5.0-rc.1
distribution	eq	2.1.0