Description

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Remediation

References

CVE-2020-35190

Related Vulnerabilities

MongoDb Improper Input Validation Vulnerability (CVE-2020-7925)

MySQL CVE-2023-22078 Vulnerability (CVE-2023-22078)

MyBB Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-1000502)

WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)

WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)

Severity

Critical

Classification

CVE-2020-35190 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities