Portainer < 1.22.1 Multiple Vulnerabilities
Summary
Portainer is prone to multiple vulnerabilities.
Insight
Portainer is prone to multiple vulnerabilities:
- An Unrestricted Host Filesystem Access vulnerability exists in the Stack creation feature in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on the host filesystem. (CVE-2019-16872)
- A Stored Cross-Site Scripting vulnerability exists in the isteven-multi-select component in Portainer. Successful exploitation of this vulnerability would allow authenticated users to inject arbitrary JavaScript into Portainer pages viewed by other users. (CVE-2019-16873)
- An Improper Access Control vulnerability exists in the RBAC extension in Portainer. Successful exploitation of this vulnerability would allow Helpdesk users to access sensitive information via the volume browsing feature. (CVE-2019-16874)
- A path traversal vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to upload files to an arbitrary location. (CVE-2019-16876)
- An authorization bypass vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on a host filesystem via the Host Management API. (CVE-2019-16877)
- A Stored Cross-Site Scripting vulnerability exists in the file removal confirmation modal in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to inject arbitrary JavaScript into Portainer pages viewed by other users. (CVE-2019-16878)
Affected Software
Portainer versions before 1.22.1.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to Portainer 1.22.1 or later.