PT-2020-17280 · Plone Foundation · Plone

Koharin

Published

2020-12-17

Updated

2020-12-18

CVE-2020-35190

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions plone versions prior to 4.3.18-alpine

Description The issue concerns a blank password for a root user in the official plone Docker images. This could allow a remote attacker to achieve root access with a blank password, potentially affecting systems that use the plone docker container deployed by affected versions of the docker image.

Recommendations For versions prior to 4.3.18-alpine, update to version 4.3.18-alpine or later to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until the update can be applied. Restrict access to the plone docker container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35190

Affected Products

Plone

PT-2020-17280 · Plone Foundation · Plone

CVE-2020-35190

Weakness Enumeration

Related Identifiers

Affected Products

References · 4