
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Feb 2022 — In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. • https://github.com/portainer/agent/compare/2.11.0...2.11.1

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Oct 2021 — Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. • https://github.com/portainer/portainer/pull/5766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2021 — Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. • https://github.com/portainer/portainer/issues/4106 • CWE-863: Incorrect Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Mar 2021 — Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. • https://github.com/portainer/portainer/issues/4105 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). • https://fortiguard.com/zeroday/FG-VD-19-124

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has XSS (issue 2 of 2). • https://fortiguard.com/zeroday/FG-VD-19-119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 allows Directory Traversal. • https://fortiguard.com/zeroday/FG-VD-19-123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). • https://fortiguard.com/zeroday/FG-VD-19-120

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). • https://fortiguard.com/zeroday/FG-VD-19-121

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Nov 2019 — Portainer before 1.22.1 has XSS (issue 1 of 2). • https://fortiguard.com/zeroday/FG-VD-19-118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')