PT-2020-17274 · Composer · Composer

Koharin

Published

2020-12-17

Updated

2021-07-08

CVE-2020-35184

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions composer versions prior to 1.8.3

Description The official composer docker images contain a blank password for a root user. Systems using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Recommendations For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider changing the root password in the composer docker container to prevent unauthorized access. Restrict access to the composer docker container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35184

Affected Products

Composer

PT-2020-17274 · Composer · Composer

CVE-2020-35184

Weakness Enumeration

Related Identifiers

Affected Products

References · 6