PT-2020-17283 · Alpine+2 · Alpine+2

Koharin

Published

2020-12-15

Updated

2020-12-21

CVE-2020-35193

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions sonarqube versions prior to Alpine

Description The official sonarqube docker images contain a blank password for a root user, which may allow a remote attacker to achieve root access with a blank password. This issue affects systems using the sonarqube docker container deployed by affected versions of the docker image.

Recommendations For sonarqube versions prior to Alpine, update to Alpine or a later version to resolve the issue. As a temporary workaround, consider changing the root password to a secure value until a patch is available. Restrict access to the sonarqube docker container to minimize the risk of exploitation.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2020-35193

Affected Products

Alpine

Docker

Sonarqube

PT-2020-17283 · Alpine+2 · Alpine+2

CVE-2020-35193

Weakness Enumeration

Related Identifiers

Affected Products

References · 6