PT-2020-17204 · Spiped · Spiped

Koharin

Published

2020-12-08

Updated

2020-12-22

CVE-2020-29581

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions spiped versions prior to 1.5-alpine

Description The official spiped docker images contain a blank password for a root user. This allows a remote attacker to achieve root access with a blank password. Systems using the spiped docker container deployed by affected versions of the docker image are at risk.

Recommendations For versions prior to 1.5-alpine, update to version 1.5-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is applied. Restrict access to the spiped docker container to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-29581

Affected Products

Spiped

PT-2020-17204 · Spiped · Spiped

CVE-2020-29581

Related Identifiers

Affected Products

References · 6