Description

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Remediation

References

CVE-2020-35190

Related Vulnerabilities

MySQL CVE-2017-10296 Vulnerability (CVE-2017-10296)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Arbitrary File Upload (1.3.2)

Oracle JRE CVE-2012-0502 Vulnerability (CVE-2012-0502)

PostgreSQL Numeric Errors Vulnerability (CVE-2007-6067)

Joomla! Core Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 3.8.7)

Severity

Critical

Classification

CVE-2020-35190 CWE-306 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities