CVE-2020-29576

Опубликовано: 08 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.

Ссылки

https://github.com/koharin/koharin2/blob/main/CVE-2020-29576
Third Party Advisory
https://github.com/koharin/koharin2/blob/main/CVE-2020-29576
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:eggheads:eggdrop_docker_image:1.6:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.6.21:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.0:rc1:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.0:rc2:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.0:rc3:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.0:rc4:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.1:rc2:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.2:rc1:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.2:rc2:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.3:rc1:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.4:rc1:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.4:rc2:*:*:*:*:*:*

cpe:2.3:a:eggheads:eggdrop_docker_image:1.8.4:rc3:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02074

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xjpv-48qr-cg8g

github

больше 3 лет назад