CVE-2020-29579

EUVD-2020-21941
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
express-gatewayexpress-gateway_docker_image
𝑥
< 1.14.0
𝑥
= Vulnerable software versions
References
https://github.com/koharin/koharin2/blob/main/CVE-2020-29579
https://github.com/koharin/koharin2/blob/main/CVE-2020-29579