Portainer vulnerability allows redirects to any URL
CVE-2024-33661

9.1CRITICAL

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
26 April 2024

What is CVE-2024-33661?

Portainer, an open-source container management tool, has a vulnerability that allows untrusted redirects when the target is not index.yaml. This security issue has been identified in versions prior to 2.20.0, enabling potential attackers to exploit the redirect functionality to direct users to unintended locations. Users are advised to upgrade to the latest version to mitigate these risks and secure their Portainer deployments.

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.