Vulnerabilities > Portainer > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2022-24961 Unspecified vulnerability in Portainer
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
network
low complexity
portainer
critical
9.8
2021-03-16 CVE-2020-24264 Incorrect Authorization vulnerability in Portainer
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution.
network
low complexity
portainer CWE-863
critical
9.8
2019-11-07 CVE-2019-16872 Unspecified vulnerability in Portainer
Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4).
network
low complexity
portainer
critical
9.9
2019-03-27 CVE-2018-19466 Insufficiently Protected Credentials vulnerability in Portainer
A vulnerability was found in Portainer before 1.20.0.
network
low complexity
portainer CWE-522
critical
9.8
2018-11-20 CVE-2018-19367 Unspecified vulnerability in Portainer
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created.
network
low complexity
portainer
critical
9.8
2018-06-22 CVE-2018-12678 Server-Side Request Forgery (SSRF) vulnerability in Portainer
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
network
low complexity
portainer CWE-918
critical
9.8