The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
References
Link | Resource |
---|---|
https://github.com/koharin/koharin2/blob/main/CVE-2020-35193 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-15T23:14:51
Updated: 2020-12-15T23:14:51
Reserved: 2020-12-12T00:00:00
Link: CVE-2020-35193
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-16T00:15:14.347
Modified: 2020-12-21T21:51:28.417
Link: CVE-2020-35193
JSON object: View
Redhat Information
No data.
CWE