CVE-2024-33662
https://notcve.org/view.php?id=CVE-2024-33662
02 Oct 2024 — Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function. • https://github.com/portainer/portainer/compare/2.20.1...2.20.2 • CWE-326: Inadequate Encryption Strength •
CVE-2024-33661
https://notcve.org/view.php?id=CVE-2024-33661
25 Apr 2024 — Portainer before 2.20.0 allows redirects when the target is not index.yaml. • https://github.com/portainer/portainer/compare/2.19.4...2.20.0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-29296
https://notcve.org/view.php?id=CVE-2024-29296
10 Apr 2024 — A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. • https://github.com/ThaySolis/CVE-2024-29296 • CWE-286: Incorrect User Management •
CVE-2022-24961
https://notcve.org/view.php?id=CVE-2022-24961
11 Feb 2022 — In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. • https://github.com/portainer/agent/compare/2.11.0...2.11.1 •
CVE-2021-41874
https://notcve.org/view.php?id=CVE-2021-41874
29 Oct 2021 — An unauthorized access vulnerability exists in all versions of Portainer, which could let a malicious user obtain sensitive information. NOTE: Portainer has received no detail of this CVE report. There is also no response after multiple attempts of contacting the original source. ** DISPUTED ** • https://www.cnvd.org.cn/flaw/show/3832981 •
CVE-2021-42650
https://notcve.org/view.php?id=CVE-2021-42650
18 Oct 2021 — Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. • https://github.com/portainer/portainer/pull/5766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-24264
https://notcve.org/view.php?id=CVE-2020-24264
16 Mar 2021 — Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with a bind mount. Once such a container is spawned, it can be leveraged to break out of the container, leading to complete Docker host machine takeover. • https://github.com/portainer/portainer/issues/4106 • CWE-863: Incorrect Authorization •
CVE-2020-24263
https://notcve.org/view.php?id=CVE-2020-24263
16 Mar 2021 — Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. • https://github.com/portainer/portainer/issues/4105 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-16877
https://notcve.org/view.php?id=CVE-2019-16877
07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). • https://fortiguard.com/zeroday/FG-VD-19-124 •
CVE-2019-16878
https://notcve.org/view.php?id=CVE-2019-16878
07 Nov 2019 — Portainer before 1.22.1 has XSS (issue 2 of 2). • https://fortiguard.com/zeroday/FG-VD-19-119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •