Vulnerabilities > Portainer > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-11 CVE-2022-24961 Unspecified vulnerability in Portainer
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
network
low complexity
portainer
7.5
2021-10-29 CVE-2021-41874 Unspecified vulnerability in Portainer
An unauthorized access vulnerabiitly exists in all versions of Portainer, which could let a malicious user obtain sensitive information.
network
low complexity
portainer
7.5
2018-06-22 CVE-2018-12678 Server-Side Request Forgery (SSRF) vulnerability in Portainer
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
network
low complexity
portainer CWE-918
7.5