CVE-2020-29389

{"id": "CVE-2020-29389", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-02T17:15:14.953", "references": [{"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-29389", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-29389", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password."}, {"lang": "es", "value": "Las im\u00e1genes oficiales de Crux Linux Docker versiones 3.0 hasta 3.4, contienen una contrase\u00f1a en blanco para un usuario root. Un sistema que usa el contenedor Crux Linux Docker implementado para las versiones afectadas de la imagen de Docker puede permitir a un atacante conseguir acceso root con una contrase\u00f1a en blanco"}], "lastModified": "2024-11-21T05:23:58.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docker:crux_linux_docker_image:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310C8BA4-DEBE-4BC7-8F48-D7F86FA1DEDF", "versionEndIncluding": "3.4", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}