Vulnerabilities > Portainer > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-11 | CVE-2022-24961 | Unspecified vulnerability in Portainer In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | 7.5 |
2021-10-29 | CVE-2021-41874 | Unspecified vulnerability in Portainer An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. | 7.5 |
2018-06-22 | CVE-2018-12678 | Server-Side Request Forgery (SSRF) vulnerability in Portainer Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 7.5 |