Portainer < 1.22.1 Multiple Vulnerabilities

Portainer is prone to multiple vulnerabilities.

Portainer is prone to multiple vulnerabilities: - An Unrestricted Host Filesystem Access vulnerability exists in Stack creation feature in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on the host filesystem. (CVE-2019-16872) - A Stored Cross-Site Scripting vulnerability exists in the isteven-multi-select component in Portainer. Successful exploitation of this vulnerability would allow authenticated users to inject arbitrary Javascript into Portainer pages viewed by other users. (CVE-2019-16873) - An Improper Access Control vulnerability exists in the RBAC extension in Portainer. Successful exploitation of this vulnerability would allow Helpdesk users to access sensitive information via the volume browsing feature. (CVE-2019-16874) - A path traversal vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to upload files to an arbitrary location. (CVE-2019-16876) - An authorization bypass vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on a host filesystem via the Host Management API. (CVE-2019-16877) - A Stored Cross-Site Scripting vulnerability exists in the file removal confirmation modal in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to inject arbitrary Javascript into Portainer pages viewed by other users. (CVE-2019-16878)

Portainer versions before 1.22.1.

Checks if a vulnerable version is present on the target host.

Update to Portainer 1.22.1 or later.