CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35191

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.204

EPSS Ranking 95.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://github.com/koharin/koharin2/blob/main/CVE-2020-35191
https://github.com/koharin/koharin2/blob/main/CVE-2020-35191

Products affected by CVE-2020-35191

Drupal » Drupal Docker Images » Version: 8.3.0-fpm-alpine

cpe:2.3:a:drupal:drupal_docker_images:8.3.0-fpm-alpine
Drupal » Drupal Docker Images » Version: 8.3.1-fpm-alpine

cpe:2.3:a:drupal:drupal_docker_images:8.3.1-fpm-alpine
Drupal » Drupal Docker Images » Version: 8.5.10-fpm-alpine

cpe:2.3:a:drupal:drupal_docker_images:8.5.10-fpm-alpine

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35191

Products

Pricing

Contact Us