Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2019-5021

Published: 08/05/2019 Updated: 13/06/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Gliderlabs

Vulnerability Summary

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gliderlabs docker-alpine

opensuse leap 15.0

opensuse leap 15.1

f5 big-ip controller 1.2.1

Github Repositories

https://github.com/Shail-Shouryya/Fun-Projects

collection of interesting projects I see online or dream up in my spare time

Fun-Projects I started reading articles that walk through how to make different things and decided to make one entirely self-contained repo that housed all the projects I've come across that I tried doing The source for each project will always be at the top of the page with a url link to the page where I found it I'll also include the basics of how to run the proj

https://github.com/jdickey/hanami-1.3.1-base

Base images for Hanami 1.3.1. Ruby 2.6 or 2.5 on Alpine or Debian base images

Base Images for Hanami 131 Contents Overview IMPORTANT NOTES Silent Gem Version Updates Alpine Linux Version No Qt-included Image Variants Building and Tagging the Images Images and Supported Tags Debian Stretch Images With hanami-model Without hanami-model Debian Slimmed-down Stretch Images Without hanami-model Alpine 39 Images With hanami-model Without hanami-m

https://github.com/kank3n/container_security

container security /var/run/dockersockを公開してはいけない Docker Remote API経由でのコンテナ操作 alpineイメージのrootパスワードがnullだった件(cve-2019-5021)

References

NVD-CWE-Otherhttps://talosintelligence.com/vulnerability_reports/TALOS-2019-0782http://www.securityfocus.com/bid/108288https://security.netapp.com/advisory/ntap-20190510-0001/https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.htmlhttps://support.f5.com/csp/article/K25551452https://nvd.nist.govhttps://github.com/Shail-Shouryya/Fun-Projects
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook