Access Control Flaw in Portainer Affects Multiple Versions
CVE-2019-16872

9.9CRITICAL

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
7 November 2019

What is CVE-2019-16872?

Portainer, an open-source container management tool, prior to version 1.22.1, suffers from an access control vulnerability that can allow unauthorized users to access functionalities they should not have permission to use. This issue can potentially lead to unauthorized access to sensitive data and operations within the Portainer application. Organizations using affected versions are advised to upgrade to mitigate security risks.

References

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.