Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "2.5"
},
{
"introduced": "0"
},
{
"last_affected": "2.5.0"
},
{
"introduced": "0"
},
{
"last_affected": "2.5.1"
},
{
"introduced": "0"
},
{
"last_affected": "2.6.0"
},
{
"introduced": "0"
},
{
"last_affected": "2.6.1"
},
{
"introduced": "0"
},
{
"last_affected": "2.7.0"
}
]
}[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.5.0-rc"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.5.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.6.0-rc2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.6.1-rc2"
}
]
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29591.json"