ALPINE-CVE-2020-27780

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2020-27780

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2020-27780

Upstream

CVE-2020-27780

Published

2020-12-18T00:15:14.330Z

Modified

2025-12-03T22:49:13.781420Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.

References

https://security.alpinelinux.org/vuln/CVE-2020-27780

Affected packages

Alpine:v3.13

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.14

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.15

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.16

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.17

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.18

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.19

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.20

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.21

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.22

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"

Alpine:v3.23

linux-pam

Package

Name: linux-pam
Purl: pkg:apk/alpine/linux-pam?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-r0

Affected versions

1.*

1.1.3-r0

1.1.3-r1

1.1.3-r2

1.1.3-r3

1.1.3-r4

1.1.5-r0

1.1.6-r0

1.1.8-r0

1.1.8-r1

1.1.8-r2

1.2.0-r0

1.2.1-r0

1.2.1-r1

1.3.0-r0

1.3.0-r1

1.3.1-r0

1.3.1-r1

1.3.1-r2

1.3.1-r3

1.3.1-r4

1.4.0-r0

1.4.0-r1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2020-27780.json"