CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-35190

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile15.83th
Published2020年12月17日
Last Modified2024年11月21日

Vulnerability Description

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Affected Platforms (CPE)

📦
Plone

Plone

>= 4.0.0-alpine and < 4.3.18-alpine

References & Advisories

🔗 https://github.com/koharin/koharin2/blob/main/CVE-2020-35190
🔗 https://github.com/koharin/koharin2/blob/main/CVE-2020-35190

関連する脆弱性情報

CVE-2008-139310.0

Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for...

CVE-2021-335099.9

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText...

CVE-2020-79419.8

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content wit...

CVE-2011-35879.3

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remo...