PT-2020-17199 · Docker · Eggdrop

Koharin · Published 2020-12-08 · Updated 2020-12-22 · CVE-2020-29576

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Eggdrop Docker images versions prior to 1.8.4rc2

Description
The issue concerns Eggdrop Docker images that have a blank password set for the root user. This could allow a remote attacker to gain root access to systems using the affected Docker container.

Recommendations
For versions prior to 1.8.4rc2, update to version 1.8.4rc2 or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the Docker container to minimize the risk of exploitation.
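
A way to check your own images for the condition described above, as an added example that is not part of the advisory or of the Eggdrop project. The function names, the image name passed to `audit_image` and the sample shadow lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): flag accounts whose password field
# is empty in a shadow(5)-format file, such as one read out of an image.

# Print the names of accounts whose password field (field 2) is empty.
# "!", "*" or "!<hash>" mean the password is locked; only "" means that
# no password is required to authenticate as that account.
blank_password_accounts() {
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Exit status 0 if root is among them (the condition this advisory describes).
root_has_blank_password() {
    blank_password_accounts "$1" | grep -qx root
}

# Audit an image by reading its /etc/shadow instead of running its entrypoint.
# Assumes the docker CLI is available and the image contains "cat".
audit_image() {
    tmp=$(mktemp) || return 2
    if ! docker run --rm --entrypoint cat "$1" /etc/shadow > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if root_has_blank_password "$tmp"; then
        echo "FAIL: $1 has a blank root password"
        rc=1
    else
        echo "OK: $1 root password field is set or locked"
        rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample data, not taken from any real image.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:::0:::::
daemon:*:18600:0:99999:7:::
eggdrop:!:18600:0:99999:7:::
EOF
}

# Stand-alone demo on the constructed sample: prints "root".
demo=$(mktemp) && write_sample_shadow "$demo" && blank_password_accounts "$demo"
rm -f "$demo"
```

Running `audit_image` in CI against every image tag you deploy gives a non-zero exit status when the root password field is empty, which makes the check usable as a build gate.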

Related Identifiers

CVE-2020-29576

Affected Products

Eggdrop