RSS   Podatności dla 'Portainer'   RSS

2022-02-11
 
CVE-2022-24961

NVD-CWE-noinfo
 

 
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

 
2021-10-29
 
CVE-2021-41748

CWE-863
 

 
An Incorrect Access Control issue exists in all versions of Portainer.via an unauthorized access vulnerability. The vulnerability is also CNVD-2021-49547

 
 
CVE-2021-41874

CWE-863
 

 
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information.

 
2021-10-18
 
CVE-2021-42650

CWE-79
 

 
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.

 
2021-03-16
 
CVE-2020-24264

CWE-863
 

 
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.

 
 
CVE-2020-24263

CWE-732
 

 
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

 
2019-11-07
 
CVE-2019-16877

CWE-732
 

 
Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).

 
 
CVE-2019-16874

CWE-732
 

 
Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).

 
 
CVE-2019-16872

CWE-732
 

 
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).

 
2019-03-27
 
CVE-2018-19466

CWE-255
 

 
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

 


Copyright 2024, cxsecurity.com

 

Back to Top