CVE-2020-29578

The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
matomopiwik_fpm-alpine_docker_image
3.5
matomopiwik_fpm-alpine_docker_image
3.5.1
matomopiwik_fpm-alpine_docker_image
3.6
matomopiwik_fpm-alpine_docker_image
3.6.0
𝑥
= Vulnerable software versions
References
https://github.com/koharin/koharin2/blob/main/CVE-2020-29578
https://github.com/koharin/koharin2/blob/main/CVE-2020-29578