{ "id": "CVE-2020-35193", "sourceIdentifier": "cve@mitre.org", "published": "2020-12-16T00:15:14.347", "lastModified": "2024-11-21T05:26:55.947", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password." }, { "lang": "es", "value": "Las im\u00e1genes de Docker de official sonarqube antes de alpine (espec\u00edficas de Alpine), contienen una contrase\u00f1a en blanco para un usuario root. El sistema que usa el contenedor de docker sonarqube implementado por las versiones afectadas de la imagen de docker puede permitir a un atacante remoto alcanzar acceso root con una contrase\u00f1a en blanco" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 10.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-306" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:4.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B02E82A8-085D-47E5-A050-20208295868B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "19A9A9A7-B0FD-4AA3-8EAD-F36ABED869CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "61A9129C-F9D3-4A66-BE07-17FBBCA61E30" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FC121E29-C616-4553-8865-2AF26676DD74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D2230495-54AC-4E24-8091-E60EC19BB6C4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "162A7336-EF14-4D08-ACB3-62EF6000D9D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "CA8F359C-CF0B-4486-8B16-D3065E70C661" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "32E8D6D2-3C0A-4E8D-BB8B-992F4058D320" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:5.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "5C2509AD-B32C-4313-8046-2A38602AFF16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF98A503-C622-4722-B4FF-5A6C147C2704" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB5C69FD-4FBD-433D-BFEF-75C7F7878343" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E73537B-504E-4918-8272-2A06CC5597CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.3:*:*:*:*:*:*:*", "matchCriteriaId": "49D86B33-ABCC-441B-9F04-14EABC4399A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "37542D54-FF9B-4EC6-A983-CEDF94C3241E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4DCE4427-E048-46BA-87A4-6087D01E8394" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "AA3A71BA-5BC7-4D47-8D59-180BAD30D11E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2057C5E-D9DA-401D-8CDE-70541C5979DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7:*:*:*:*:*:*:*", "matchCriteriaId": "8BDB251A-58D5-46E5-9C38-0E594A4594A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "94278CBC-064E-4D10-8BF4-9FEB4D808351" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAD139C4-C3B6-4286-B31C-DB9F0C297AC0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "4EF130FB-C879-4146-981F-602D881F0536" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC88F92D-6458-4FAF-AF1A-EC89EDD8253F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:6.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "52B3106D-435E-4496-8E87-D0A0ED37141A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B2827AE1-9EC0-462F-8557-40F22EFBB18A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C8173944-0161-4381-80C7-0C93B8B05DD3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sonarsource:sonarqube_docker_image:lts:*:*:*:*:*:*:*", "matchCriteriaId": "77DE2DA2-A770-4598-8FEE-DA4D26002B2D" } ] } ] } ], "references": [ { "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35193", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/koharin/koharin2/blob/main/CVE-2020-35193", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }