Vulnerabilities > Portainer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-24961 | Unspecified vulnerability in Portainer In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | 7.5 |
| 2021-10-29 | CVE-2021-41874 | Unspecified vulnerability in Portainer An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information. | 7.5 |
| 2018-06-22 | CVE-2018-12678 | Server-Side Request Forgery (SSRF) vulnerability in Portainer Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. | 7.5 |