Security Advisory

CVE-2020-24263

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-16 14:42:39

Last updated 2024-08-04 15:12:08

Assigner mitre

State PUBLISHED

Description

Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.

← Browse all CVEs View on cve.org ↗