CVE-2020-29578

EUVD-2020-21940
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
matomopiwik_fpm-alpine_docker_image
3.5
matomopiwik_fpm-alpine_docker_image
3.5.1
matomopiwik_fpm-alpine_docker_image
3.6
matomopiwik_fpm-alpine_docker_image
3.6.0
𝑥
= Vulnerable software versions
References
https://github.com/koharin/koharin2/blob/main/CVE-2020-29578
https://github.com/koharin/koharin2/blob/main/CVE-2020-29578