CVE-2020-29578

Name of the Vulnerable Software and Affected Versions Piwik Docker images versions prior to fpm-alpine

Description The issue concerns a blank password for a root user in the official Piwik Docker images. This could allow a remote attacker to achieve root access on systems using the Piwik Docker container deployed by affected versions of the Docker image.

Recommendations For versions prior to fpm-alpine, update to the fpm-alpine version or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the Docker container to minimize the risk of exploitation.