Portainer: >> Portainer >> 1.19.2 Security Vulnerabilities
Portainer before 1.22.1 has XSS (issue 2 of 2).
CVSS Score
5.4
EPSS Score
0.003
Published
2019-11-07
Portainer before 1.22.1 has XSS (issue 1 of 2).
CVSS Score
5.4
EPSS Score
0.004
Published
2019-11-07
Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4).
CVSS Score
6.5
EPSS Score
0.004
Published
2019-11-07
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
CVSS Score
9.8
EPSS Score
0.12
Published
2019-03-27
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-11-20
Page 2