CVE-2020-35191

CRITICAL

Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation

Title source: llm

Description

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

Exploits (1)

nomisec WORKING POC 1 stars

by megadimenex · poc

https://github.com/megadimenex/MegaHiDocker

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://github.com/koharin/koharin2/blob/main/CVE-2020-35191

Scores

CVSS v3 9.8

EPSS 0.2036

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (2)

drupal/drupal_docker_images 8.3.0-fpm-alpine (2 CPE variants)

drupal/drupal_docker_images 8.3.1-fpm-alpine - 8.5.10-fpm-alpine

Published Dec 17, 2020

Tracked Since Feb 18, 2026