CVE-2020-29591

{"id": "CVE-2020-29591", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-11T15:15:12.297", "references": [{"url": "https://github.com/docker/distribution-library-image", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29591", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://hub.docker.com/_/registry", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/docker/distribution-library-image", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29591", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hub.docker.com/_/registry", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password."}, {"lang": "es", "value": "Las versiones de las im\u00e1genes de Docker de Official registry versiones hasta 2.7.0, contienen una contrase\u00f1a en blanco para el usuario root. Los sistemas implementados con versiones afectadas del contenedor de registro pueden permitir a un atacante remoto conseguir acceso root con una contrase\u00f1a en blanco"}], "lastModified": "2024-11-21T05:24:16.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:docker:registry:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23AB982F-CC7B-4104-964C-B3244FF76F9F"}, {"criteria": "cpe:2.3:a:docker:registry:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FE7957-1316-44DC-B62A-5C19211D9A48"}, {"criteria": "cpe:2.3:a:docker:registry:2.5.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D76F61E-59ED-4003-A55D-DF1FF057BE9B"}, {"criteria": "cpe:2.3:a:docker:registry:2.5.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "149472A1-B0A8-4BE9-BB5A-FDF7436204D8"}, {"criteria": "cpe:2.3:a:docker:registry:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A529E442-6D35-4050-A198-02A503B80516"}, {"criteria": "cpe:2.3:a:docker:registry:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97C988BE-2181-4989-A6F9-199F3D4E545A"}, {"criteria": "cpe:2.3:a:docker:registry:2.6.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB92432-1EC2-47D2-AB5D-76EF9BAE1B0B"}, {"criteria": "cpe:2.3:a:docker:registry:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF2696A-DECF-406A-A4CA-FEA287C4801A"}, {"criteria": "cpe:2.3:a:docker:registry:2.6.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C39B5FC3-FC04-40BB-B55A-E79B3D14419C"}, {"criteria": "cpe:2.3:a:docker:registry:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA939748-6F3A-440F-9867-3370E823D309"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}