CVE-2020-35190

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-35190
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35190.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35190
Published
2020-12-17T02:15:13.067Z
Modified
2026-04-10T04:26:57.709357Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

References

Affected packages

Git / github.com/plone/plone

Affected ranges

Type
GIT
Repo
https://github.com/plone/plone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ab6705463eda594906a647360bcddf36647fce93
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0-alpine"
        },
        {
            "fixed": "4.3.18-alpine"
        }
    ]
}

Affected versions

4.*
4.1.0
4.1a1
4.1a2
4.1a3
4.1b1
4.1b2
4.1rc1
4.1rc2
4.1rc3
4.2a1
4.2a2
4.2b1
4.2b2
4.3
4.3.1
4.3.10
4.3.11
4.3.12
4.3.13
4.3.14
4.3.15
4.3.16
4.3.17
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3a1
4.3a2
4.3b1
4.3b2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35190.json"