Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portainer portainer vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-12678
Portainer prior to 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote malicious users to bypass intended access restrictions or conduct SSRF attacks.
Portainer Portainer
5
CVSSv2
CVE-2018-19466
A vulnerability was found in Portainer prior to 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
Portainer Portainer
1 Github repository
4
CVSSv2
CVE-2019-16874
Portainer prior to 1.22.1 has Incorrect Access Control (issue 2 of 4).
Portainer Portainer
3.5
CVSSv2
CVE-2019-16878
Portainer prior to 1.22.1 has XSS (issue 2 of 2).
Portainer Portainer
10
CVSSv2
CVE-2020-24264
Portainer 1.24.1 and previous versions is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mo...
Portainer Portainer
5
CVSSv2
CVE-2018-19367
Portainer up to and including 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 ca...
Portainer Portainer
1 Github repository
7.5
CVSSv2
CVE-2022-24961
In Portainer Agent prior to 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
Portainer Portainer
9
CVSSv2
CVE-2019-16872
Portainer prior to 1.22.1 has Incorrect Access Control (issue 1 of 4).
Portainer Portainer
5
CVSSv2
CVE-2021-41874
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source.
Portainer Portainer
6.5
CVSSv2
CVE-2020-24263
Portainer 1.24.1 and previous versions is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Dock...
Portainer Portainer
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »