Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the Cockroach Labs cockroach-k8s-request-cert container image. The issue arises from a blank password for the root user in the system shadow file, allowing remote attackers to bypass authentication. Cockroach Labs has confirmed that this container image is no longer supported.
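A check for the condition described above, added here as an example and not taken from the advisory or from Cockroach Labs: it parses shadow-file content (for instance, `/etc/shadow` extracted from an image's filesystem) and reports accounts whose password field is blank. The sample entries and all function names are constructed for illustration.

```python
"""Audit shadow(5) content for accounts with an empty password field."""

# Constructed sample, not taken from the affected image.
SAMPLE_SHADOW = """\
root::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
app:!:19000:0:99999:7:::
svc:$6$constructedsalt$constructedhash:19000:0:99999:7:::
broken-line-without-fields
"""


def classify(password_field):
    """Map the second shadow field to a coarse state."""
    if password_field == "":
        return "empty"      # no password required to authenticate
    if password_field.startswith(("!", "*")):
        return "locked"     # cannot match any password hash
    return "hashed"


def audit_shadow(text):
    """Return (findings, malformed): account states and unparsable line numbers."""
    findings, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            malformed.append(lineno)
            continue
        findings[fields[0]] = classify(fields[1])
    return findings, malformed


def empty_password_accounts(text):
    """Accounts whose password field is blank, root listed first."""
    findings, _ = audit_shadow(text)
    empty = [name for name, state in findings.items() if state == "empty"]
    return sorted(empty, key=lambda name: (name != "root", name))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SHADOW
    hits = empty_password_accounts(data)
    print("empty password field:", ", ".join(hits) or "none")
    sys.exit(1 if hits else 0)
```

Run with a path to the extracted shadow file as the only argument; the non-zero exit status on a finding lets it gate an image build or scan job.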

Impact

Exploitation of this vulnerability allows for authentication bypass, potentially leading to unauthorized access or actions within the system.

Added: Sep 2, 2025, 8:37 PM
Updated: Sep 2, 2025, 8:37 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.