ID

VAR-202012-0974


CVE

CVE-2020-29579


TITLE

Vulnerability in Express Gateway Docker image

Trust: 0.8

sources: JVNDB: JVNDB-2020-014065

DESCRIPTION

The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access. The Express Gateway Docker image contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-29579 // JVNDB: JVNDB-2020-014065 // VULHUB: VHN-376312

AFFECTED PRODUCTS

vendor: express gateway, model: express-gateway docker image, scope: lt, version: 1.14.0

Trust: 1.0

vendor: express gateway, model: docker image, scope: eq, version: 1.14.0

Trust: 0.8

vendor: express gateway, model: docker image, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-014065 // NVD: CVE-2020-29579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-29579
value: CRITICAL

Trust: 1.0

NVD: CVE-2020-29579
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202012-697
value: CRITICAL

Trust: 0.6

VULHUB: VHN-376312
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-29579
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-376312
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-29579
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-29579
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-376312 // JVNDB: JVNDB-2020-014065 // CNNVD: CNNVD-202012-697 // NVD: CVE-2020-29579

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: Other (CWE-Other) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-014065 // NVD: CVE-2020-29579

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-697

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202012-697

PATCH

title: Top Page, url: https://www.express-gateway.io/

Trust: 0.8

title: Docker Images Express Gateway Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=137250

Trust: 0.6

sources: JVNDB: JVNDB-2020-014065 // CNNVD: CNNVD-202012-697

EXTERNAL IDS

db: NVD, id: CVE-2020-29579

Trust: 2.5

db: JVNDB, id: JVNDB-2020-014065

Trust: 0.8

db: CNNVD, id: CNNVD-202012-697

Trust: 0.6

db: VULHUB, id: VHN-376312

Trust: 0.1

sources: VULHUB: VHN-376312 // JVNDB: JVNDB-2020-014065 // CNNVD: CNNVD-202012-697 // NVD: CVE-2020-29579

REFERENCES

url: https://github.com/koharin/koharin2/blob/main/cve-2020-29579

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-29579

Trust: 1.4

url: https://github.com/koharin/cve/blob/main/cve-2020-29579

Trust: 0.8

sources: VULHUB: VHN-376312 // JVNDB: JVNDB-2020-014065 // CNNVD: CNNVD-202012-697 // NVD: CVE-2020-29579

SOURCES

db: VULHUB, id: VHN-376312
db: JVNDB, id: JVNDB-2020-014065
db: CNNVD, id: CNNVD-202012-697
db: NVD, id: CVE-2020-29579

LAST UPDATE DATE

2024-11-23T22:29:21.437000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-376312, date: 2020-12-22T00:00:00
db: JVNDB, id: JVNDB-2020-014065, date: 2021-07-26T05:26:00
db: CNNVD, id: CNNVD-202012-697, date: 2020-12-15T00:00:00
db: NVD, id: CVE-2020-29579, date: 2024-11-21T05:24:15.017

SOURCES RELEASE DATE

db: VULHUB, id: VHN-376312, date: 2020-12-08T00:00:00
db: JVNDB, id: JVNDB-2020-014065, date: 2021-07-26T00:00:00
db: CNNVD, id: CNNVD-202012-697, date: 2020-12-08T00:00:00
db: NVD, id: CVE-2020-29579, date: 2020-12-08T16:15:12.137