Описание
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
Ссылки
- Product
- Third Party Advisory
- Product
- Product
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:docker:registry:2.5:*:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.5.0:rc:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.6.1:rc2:*:*:*:*:*:*
cpe:2.3:a:docker:registry:2.7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02656
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-521
Связанные уязвимости
github
больше 3 лет назад
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
EPSS
Процентиль: 85%
0.02656
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-521