PT-2020-17275 · Ghost Foundation · Ghost

Koharin

Published

2020-12-17

Updated

2020-12-18

CVE-2020-35185

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ghost Docker images versions prior to 2.16.1-alpine

Description The issue concerns a blank password for a root user in the official Ghost Docker images. This could allow a remote attacker to gain root access to systems using the affected Docker container.

Recommendations For Ghost Docker images versions prior to 2.16.1-alpine, update to version 2.16.1-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the Docker container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35185

Affected Products

Ghost

PT-2020-17275 · Ghost Foundation · Ghost

CVE-2020-35185

Weakness Enumeration

Related Identifiers

Affected Products

References · 4