CVE-2020-35193

{"id": "CVE-2020-35193", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-12-16T00:15:14.347", "references": [{"url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35193", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password."}, {"lang": "es", "value": "Las im\u00e1genes de Docker de official sonarqube antes de alpine (espec\u00edficas de Alpine), contienen una contrase\u00f1a en blanco para un usuario root. El sistema que usa el contenedor de docker sonarqube implementado por las versiones afectadas de la imagen de docker puede permitir a un atacante remoto alcanzar acceso root con una contrase\u00f1a en blanco"}], "lastModified": "2020-12-21T21:51:28.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:4.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B02E82A8-085D-47E5-A050-20208295868B"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A9A9A7-B0FD-4AA3-8EAD-F36ABED869CB"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61A9129C-F9D3-4A66-BE07-17FBBCA61E30"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC121E29-C616-4553-8865-2AF26676DD74"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2230495-54AC-4E24-8091-E60EC19BB6C4"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162A7336-EF14-4D08-ACB3-62EF6000D9D1"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA8F359C-CF0B-4486-8B16-D3065E70C661"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32E8D6D2-3C0A-4E8D-BB8B-992F4058D320"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2509AD-B32C-4313-8046-2A38602AFF16"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF98A503-C622-4722-B4FF-5A6C147C2704"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5C69FD-4FBD-433D-BFEF-75C7F7878343"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E73537B-504E-4918-8272-2A06CC5597CD"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49D86B33-ABCC-441B-9F04-14EABC4399A8"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37542D54-FF9B-4EC6-A983-CEDF94C3241E"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DCE4427-E048-46BA-87A4-6087D01E8394"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3A71BA-5BC7-4D47-8D59-180BAD30D11E"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2057C5E-D9DA-401D-8CDE-70541C5979DE"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDB251A-58D5-46E5-9C38-0E594A4594A4"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94278CBC-064E-4D10-8BF4-9FEB4D808351"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAD139C4-C3B6-4286-B31C-DB9F0C297AC0"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EF130FB-C879-4146-981F-602D881F0536"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC88F92D-6458-4FAF-AF1A-EC89EDD8253F"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52B3106D-435E-4496-8E87-D0A0ED37141A"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2827AE1-9EC0-462F-8557-40F22EFBB18A"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8173944-0161-4381-80C7-0C93B8B05DD3"}, {"criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:lts:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77DE2DA2-A770-4598-8FEE-DA4D26002B2D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}