github.com/portainer/portainer is vulnerable to privilege escalation. The vulnerability exists due to an insecure permissions in the isValidStackFile
function allowing non-admin user to spawn new containers critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/portainer/portainer | le | 1.24.1 |