CVE-2019-5021
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
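The condition described above can be checked directly in a shadow-format file, where an empty second field means the account accepts a NULL password. This is an added example, not part of the NVD record; the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow-format file for accounts with an empty
# password field (field 2). Empty means no password is required;
# "!" or "*" means the account is locked; anything else is a hash.

# Print the name of every account whose password field is empty.
empty_password_accounts() {
    shadow_file=${1:-/etc/shadow}
    awk -F: 'NF >= 2 && $1 !~ /^#/ && $2 == "" { print $1 }' "$shadow_file"
}

# Exit status: 0 = root is locked or has a hash, 1 = root's password
# field is empty, 2 = the file has no root entry.
root_password_state() {
    shadow_file=${1:-/etc/shadow}
    awk -F: '
        $1 == "root" { found = 1; rc = ($2 == "") ? 1 : 0 }
        END { if (!found) exit 2; exit rc }
    ' "$shadow_file"
}

# Constructed sample: root has an empty field, the other accounts are
# locked or carry a placeholder hash string.
sample_shadow() {
    cat <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:*::0:::::
app:$6$constructedsalt$constructedhash:18000:0:::::
EOF
}

# Demonstration on the constructed sample (runs offline).
demo_file=$(mktemp)
sample_shadow > "$demo_file"
echo "accounts with empty password field: $(empty_password_accounts "$demo_file")"
rm -f "$demo_file"
```

Point either function at the `/etc/shadow` file copied out of an image or container filesystem to audit it.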
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | From 3.3 |
| Running on/with | Platform Versions |
|---|---|
| Alpinelinux Alpine Linux | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Version 1.2.1 |
Related CWEs