Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portainer portainer vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2019-16872
Portainer prior to 1.22.1 has Incorrect Access Control (issue 1 of 4).
Portainer Portainer
9.8
CVSSv3
CVE-2022-24961
In Portainer Agent prior to 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
Portainer Portainer
9.8
CVSSv3
CVE-2020-24264
Portainer 1.24.1 and previous versions is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mo...
Portainer Portainer
9.8
CVSSv3
CVE-2018-19466
A vulnerability was found in Portainer prior to 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
Portainer Portainer
1 Github repository
9.8
CVSSv3
CVE-2018-19367
Portainer up to and including 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 ca...
Portainer Portainer
1 Github repository
9.8
CVSSv3
CVE-2018-12678
Portainer prior to 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote malicious users to bypass intended access restrictions or conduct SSRF attacks.
Portainer Portainer
8.8
CVSSv3
CVE-2020-24263
Portainer 1.24.1 and previous versions is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Dock...
Portainer Portainer
8.8
CVSSv3
CVE-2019-16877
Portainer prior to 1.22.1 has Incorrect Access Control (issue 4 of 4).
Portainer Portainer
7.5
CVSSv3
CVE-2021-41874
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source.
Portainer Portainer
7.5
CVSSv3
CVE-2019-16876
Portainer prior to 1.22.1 allows Directory Traversal.
Portainer Portainer
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »