CVE-2020-29578
First published: Tue Dec 08 2020(Updated: )
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =3 | ||
| =3.5 | ||
| =3.5.1 | ||
| =3.6 | ||
| =3.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-29578?
CVE-2020-29578 has a high severity due to the potential for remote root access.
How do I fix CVE-2020-29578?
To fix CVE-2020-29578, update to a fixed version of the Piwik Docker image that does not have a blank root password.
Who is affected by CVE-2020-29578?
Users of the Piwik Docker images prior to fpm-alpine are affected by CVE-2020-29578.
What could happen if I am vulnerable to CVE-2020-29578?
If vulnerable to CVE-2020-29578, attackers could gain unauthorized root access to your system.
Is there a workaround for CVE-2020-29578 until I can update?
A potential workaround for CVE-2020-29578 is to change the root password of the container immediately.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/matomo