CVE-2020-35187

Name of the Vulnerable Software and Affected Versions Telegraf versions prior to 1.9.4-alpine

Description The issue concerns a blank password for a root user in the official Telegraf Docker images. This could allow a remote attacker to achieve root access with a blank password on systems using the Telegraf Docker container deployed by affected versions of the Docker image.

Recommendations For versions prior to 1.9.4-alpine, update to version 1.9.4-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value to prevent unauthorized access. Restrict access to the Docker container to minimize the risk of exploitation.