Test ID: | 1.3.6.1.4.1.25623.1.0.114162 |
Category: | Web application abuses |
Title: | Portainer < 1.22.1 Multiple Vulnerabilities |
Summary: | Portainer is prone to multiple vulnerabilities. |
Description: |
Summary: Portainer is prone to multiple vulnerabilities.

Vulnerability Insight: Portainer is prone to multiple vulnerabilities:

- An Unrestricted Host Filesystem Access vulnerability exists in Stack creation feature in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on the host filesystem. (CVE-2019-16872)
- A Stored Cross-Site Scripting vulnerability exists in the isteven-multi-select component in Portainer. Successful exploitation of this vulnerability would allow authenticated users to inject arbitrary JavaScript into Portainer pages viewed by other users. (CVE-2019-16873)
- An Improper Access Control vulnerability exists in the RBAC extension in Portainer. Successful exploitation of this vulnerability would allow Helpdesk users to access sensitive information via the volume browsing feature. (CVE-2019-16874)
- A path traversal vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to upload files to an arbitrary location. (CVE-2019-16876)
- An authorization bypass vulnerability exists in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to gain full permission on a host filesystem via the Host Management API. (CVE-2019-16877)
- A Stored Cross-Site Scripting vulnerability exists in the file removal confirmation modal in Portainer. Successful exploitation of this vulnerability would allow an authenticated user to inject arbitrary JavaScript into Portainer pages viewed by other users. (CVE-2019-16878)

Affected Software/OS: Portainer versions before 1.22.1.

Solution: Update to Portainer 1.22.1 or later.

CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-16872
Common Vulnerability Exposure (CVE) ID: CVE-2019-16873
Common Vulnerability Exposure (CVE) ID: CVE-2019-16874
Common Vulnerability Exposure (CVE) ID: CVE-2019-16876
Common Vulnerability Exposure (CVE) ID: CVE-2019-16877
Common Vulnerability Exposure (CVE) ID: CVE-2019-16878 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |