PT-2020-17202 · Docker · Express Gateway

Koharin · Published 2020-12-08 · Updated 2020-12-22 · CVE-2020-29579

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Express Gateway versions prior to 1.14.0

Description

The official Express Gateway Docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access. This issue affects systems using the Express Gateway Docker container deployed by affected versions of the Docker image.

Recommendations

For versions prior to 1.14.0, update to version 1.14.0 or later to resolve the issue. As a temporary workaround, consider disabling root access to the container until a patch is applied. Restrict access to the container to minimize the risk of exploitation.
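
A defender's check for the condition described above, as an added example that is not part of the original advisory or of the Express Gateway project: it reads shadow(5)-format lines and reports accounts whose password field is empty. The function names, the IMAGE placeholder and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format data for accounts with an empty
# password field. Sample data below is constructed, not taken from any image.

# Print the names of accounts whose password field (2nd field) is empty.
# An empty field means no password is required; "!" or "*" mean locked.
blank_password_accounts() {
    awk -F: 'NF >= 2 && $1 != "" && $2 == "" { print $1 }'
}

# Exit status 0 when the named account (default: root) has a blank password.
account_is_blank() {
    blank_password_accounts | grep -qxF -- "${1:-root}"
}

# Constructed sample: root has an empty password field, the others are locked.
sample_vulnerable() {
    cat <<'EOF'
root:::0:::::
bin:!::0:::::
daemon:*::0:::::
node:!:18600:0:99999:7:::
EOF
}

# Constructed sample: root is locked.
sample_fixed() {
    cat <<'EOF'
root:!::0:::::
bin:!::0:::::
EOF
}

# Usage against a real image (IMAGE is a placeholder for the tag you deploy):
#   docker run --rm --entrypoint cat IMAGE /etc/shadow | blank_password_accounts
if sample_vulnerable | account_is_blank root; then
    echo "FAIL: root has a blank password"
fi
```

Run the same check in CI against every image tag you deploy, and fail the build when it reports any account.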

Related Identifiers

CVE-2020-29579

Affected Products

Express Gateway