Docker Image Vulnerability in Kong: Root Access Risk
CVE-2020-35189

9.8CRITICAL

Key Information:

Vendor: Kong
Status: Kong Alpine Docker Image
Vendor: CVE Published:; 17 December 2020

What is CVE-2020-35189?

The Kong Docker images prior to version 1.0.2-alpine are susceptible to a serious flaw that allows remote attackers to gain unauthorized root access. This occurrence stems from the presence of a blank password assigned to the root user within these images. Environments utilizing these affected Docker images may be at significant risk, as attackers could exploit this vulnerability to execute commands with administrative privileges, potentially compromising the entire system and its data.

References

https://github.com/koharin/koharin2/blob/main/CVE-2020-35189

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2020
Vulnerability Reserved
Dec 12, 2020

CVE-2020-35189 Data

JSON