CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2020-29591
https://notcve.org/view.php?id=CVE-2020-29591
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password. Las versiones de las imágenes de Docker de Official registry versiones hasta 2.7.0, contienen una contraseña en blanco para el usuario root. Los sistemas implementados con versiones afectadas del contenedor de registro pueden permitir a un atacante remoto conseguir acceso root con una contraseña en blanco • https://github.com/docker/distribution-library-image https://github.com/donghyunlee00/CVE/blob/main/CVE-2020-29591 https://hub.docker.com/_/registry • CWE-521: Weak Password Requirements •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11468 – docker-distribution: Does not properly restrict the amount of content accepted from a user
https://notcve.org/view.php?id=CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. Docker Registry anterior a versión 2.6.2 en Docker Distribution, no restringe apropiadamente la cantidad de contenido aceptado por un usuario, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de memoria) por medio un endpoint manifest. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker could send a specially crafted request that would exhaust the memory of the docker-distribution service. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00047.html https://access.redhat.com/errata/RHSA-2017:2603 https://github.com/docker/distribution/pull/2340 https://github.com/docker/distribution/releases/tag/v2.6.2 https://access.redhat.com/security/cve/CVE-2017-11468 https://bugzilla.redhat.com/show_bug.cgi?id=1474893 • CWE-770: Allocation of Resources Without Limits or Throttling •