CVEブラウザに戻る

CVE-2019-5021

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1870%

EPSS Percentile29.30th

Published2019年5月8日

Last Modified2024年11月21日

Vulnerability Description

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Affected Platforms (CPE)

📦

Gliderlabs

Docker Alpine

>= 3.3

💻

Opensuse

Leap

= 15.0

💻

Opensuse

Leap

= 15.1

📦

F5

Big Ip Controller

= 1.2.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html

🔗 http://www.securityfocus.com/bid/108288

🔗 https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html

🔗 https://security.netapp.com/advisory/ntap-20190510-0001/

🔗 https://support.f5.com/csp/article/K25551452

🔗 https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html

🔗 http://www.securityfocus.com/bid/108288

関連する脆弱性情報

CVE-2020-295789.8

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the P...

CVE-2020-295819.8

The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker cont...

CVE-2020-296029.8

The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the ir...

CVE-2020-295759.8

The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using th...