
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 allows Directory Traversal. • https://fortiguard.com/zeroday/FG-VD-19-123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). • https://fortiguard.com/zeroday/FG-VD-19-120

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). • https://fortiguard.com/zeroday/FG-VD-19-121

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has XSS (issue 1 of 2). • https://fortiguard.com/zeroday/FG-VD-19-118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2019 — A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls. • https://github.com/MauroEldritch/lempo • CWE-522: Insufficiently Protected Credentials

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

20 Nov 2018 — Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case. • https://github.com/lichti/shodan-portainer

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2018 — A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. • https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Jun 2018 — Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. • https://github.com/portainer/portainer/pull/1979 • CWE-918: Server-Side Request Forgery (SSRF)