Описание
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-29591
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29389
- https://github.com/docker/distribution-library-image
- https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29591
- https://hub.docker.com/_/registry
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.