Portainer Encryption Vulnerability
CVE-2024-33662

7.5HIGH

Key Information:

Vendor

Portainer

Status
Vendor
CVE Published:
2 October 2024

What is CVE-2024-33662?

A recent vulnerability in Portainer exposes a weakness in its AesEncrypt function, which uses an insecure encryption algorithm. This flaw can potentially allow unauthorized decryption of sensitive data, compromising the integrity and confidentiality of information handled by the application. Users of Portainer prior to version 2.20.2 are urged to upgrade to mitigate this risk. More details can be found in the official release notes and issue tracking on the Portainer GitHub repository.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.