CVE-2019-5021

moderate-risk

Published 2019-05-08

Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.

Do I need to act?

3.5% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (4)

Docker-Alpine

Leap

Big-Ip Controller

Affected Vendors

F5 Opensuse Gliderlabs

References (12)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html

Broken Link http://www.securityfocus.com/bid/108288

Vendor Advisory https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20190510-0001/

Third Party Advisory https://support.f5.com/csp/article/K25551452

Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00004.html

Broken Link http://www.securityfocus.com/bid/108288

Vendor Advisory https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html

Third Party Advisory https://security.netapp.com/advisory/ntap-20190510-0001/

Third Party Advisory https://support.f5.com/csp/article/K25551452

Exploit https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 7/34 · Low

Exposure 10/34 · Low