Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
PortainerPortainer*

16 matches found

CVE
CVEadded 2022/02/11 6:15 a.m.97 views

CVE-2022-24961

In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

9.8CVSS9.3AI score0.00885EPSS
CVE
CVEadded 2024/10/02 5:15 a.m.74 views

CVE-2024-33662

Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.

7.5CVSS7.2AI score0.00041EPSS
CVE
CVEadded 2019/11/07 4:15 p.m.63 views

CVE-2019-16872

Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).

9.9CVSS9.5AI score0.00433EPSS
CVE
CVEadded 2024/04/26 12:15 a.m.62 views

CVE-2024-33661

Portainer before 2.20.0 allows redirects when the target is not index.yaml.

9.1CVSS6.8AI score0.00067EPSS
CVE
CVEadded 2021/03/16 3:15 p.m.48 views

CVE-2020-24263

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

8.8CVSS8.9AI score0.01345EPSS
CVE
CVEadded 2021/03/16 3:15 p.m.47 views

CVE-2020-24264

Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is...

10CVSS9.7AI score0.04373EPSS
CVE
CVEadded 2019/11/07 4:15 p.m.44 views

CVE-2019-16877

Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4).

8.8CVSS8.7AI score0.00525EPSS
CVE
CVEadded 2019/11/07 4:15 p.m.43 views

CVE-2019-16878

Portainer before 1.22.1 has XSS (issue 2 of 2).

5.4CVSS5.6AI score0.00281EPSS
CVE
CVEadded 2018/06/22 6:29 p.m.40 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

9.8CVSS9.5AI score0.00401EPSS
Web
CVE
CVEadded 2019/03/27 5:29 p.m.40 views

CVE-2018-19466

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

9.8CVSS9.3AI score0.12009EPSS
CVE
CVEadded 2019/11/07 4:15 p.m.40 views

CVE-2019-16876

Portainer before 1.22.1 allows Directory Traversal.

7.5CVSS7.6AI score0.00767EPSS
CVE
CVEadded 2018/11/20 9:29 a.m.39 views

CVE-2018-19367

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

9.8CVSS9.4AI score0.00312EPSS
CVE
CVEadded 2019/11/07 3:15 p.m.38 views

CVE-2019-16874

Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).

6.5CVSS6.8AI score0.00356EPSS
CVE
CVEadded 2021/10/18 9:15 p.m.35 views

CVE-2021-42650

Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.

6.1CVSS6.1AI score0.0024EPSS
CVE
CVEadded 2019/11/07 3:15 p.m.33 views

CVE-2019-16873

Portainer before 1.22.1 has XSS (issue 1 of 2).

5.4CVSS5.6AI score0.00402EPSS
CVE
CVEadded 2018/09/01 6:29 p.m.30 views

CVE-2018-16316

A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.

5.4CVSS5AI score0.00157EPSS