310 matches found
Directory traversal
Portainer before 1.22.1 allows Directory Traversal...
Design/Logic Flaw
Portainer before 1.22.1 has Incorrect Access Control issue 4 of 4...
CVE-2019-16874
Portainer before 1.22.1 has Incorrect Access Control issue 2 of 4...
CVE-2019-16873
Portainer before 1.22.1 has XSS issue 1 of 2...
CVE-2019-16874
Portainer before 1.22.1 has Incorrect Access Control issue 2 of 4...
CVE-2019-16873
Portainer before 1.22.1 has XSS issue 1 of 2...
Cross site scripting
Portainer before 1.22.1 has XSS issue 1 of 2...
Improper access control
Portainer before 1.22.1 has Incorrect Access Control issue 2 of 4...
CVE-2019-16877
Portainer (Portainer app) before version 1.22.1 contains an access control flaw described as an Incorrect Access Control issue (issue 4 of 4). The CNVD entry notes that an attacker could gain full privileges to the host filesystem via the Host Management API. A fix is to upgrade Portainer to 1.22...
CVE-2019-16877
Portainer before 1.22.1 has Incorrect Access Control issue 4 of 4...
CVE-2019-16878
Portainer before 1.22.1 has XSS issue 2 of 2...
CVE-2019-16878
CVE-2019-16878 applies to Portainer before 1.22.1, with a cross-site scripting (XSS) vulnerability. The issue allows an attacker to inject arbitrary JavaScript into Portainer pages viewed by other users. Affected software: Portainer (before 1.22.1). Root cause: XSS in the Portainer UI. Impact: de...
CVE-2019-16876
Portainer before 1.22.1 allows Directory Traversal...
CVE-2019-16876
Portainer before 1.22.1 is affected by a directory traversal vulnerability (CVE-2019-16876). Multiple connected sources explicitly state the issue exists in Portainer versions prior to 1.22.1 and describe the vulnerability as directory traversal, with CNVD explicitly noting an attacker could uplo...
CVE-2019-16872
Portainer before 1.22.1 has Incorrect Access Control issue 1 of 4...
CVE-2019-16872
Portainer
CVE-2019-16874
Portainer before 1.22.1 has Incorrect Access Control issue 2 of 4...
CVE-2019-16874
Portainer before 1.22.1 has Incorrect Access Control (RBAC extension). This vulnerability could allow access to sensitive information via the bulk browsing feature. Remediation: upgrade to Portainer 1.22.1 or later.
CVE-2019-16873
Portainer (CVE-2019-16873) affects versions prior to 1.22.1 and involves a cross-site scripting (XSS) vulnerability in the ist even-multi-select component. The CNVD-2019-40484 description states an attacker can exploit this to inject arbitrary JavaScript into Portainer pages viewed by other users...
CVE-2019-16873
Portainer before 1.22.1 has XSS issue 1 of 2...