PT-2020-17214 · Docker · Irssi

Koharin

Published

2020-12-08

Updated

2020-12-09

CVE-2020-29602

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions irssi versions prior to 1.1-alpine

Description The issue concerns a blank password for a root user in the official irssi Docker images. This could allow a remote attacker to achieve root access with a blank password on systems using the irssi Docker container deployed by affected versions of the Docker image.

Recommendations For versions prior to 1.1-alpine, update to version 1.1-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password in the irssi Docker container to prevent unauthorized access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-29602

Affected Products

Irssi

PT-2020-17214 · Docker · Irssi

CVE-2020-29602

Related Identifiers

Affected Products

References · 4