Access Control Flaw in Portainer by Portainer
CVE-2020-24264
9.8CRITICAL
What is CVE-2020-24264?
Portainer versions 1.24.1 and earlier are susceptible to an access control issue that can enable unauthorized remote code execution. The flawed implementation only checks access restrictions on the client-side rather than the server-side. This oversight allows an attacker to create a container with bind mount capabilities, which could potentially be exploited to escape the confines of that container. As a result, an attacker could gain full control over the underlying Docker host machine, posing a significant security risk to environments relying on Portainer for container management.
