CVE-2020-29579

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
express-gatewayexpress-gateway_docker_image
𝑥
< 1.14.0
𝑥
= Vulnerable software versions
References
https://github.com/koharin/koharin2/blob/main/CVE-2020-29579
https://github.com/koharin/koharin2/blob/main/CVE-2020-29579