VDB
CVE-2022-24961
CVE-2022-24961
PUBLISHED
CVSS 9.800000190734863 CRITICAL
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
EPSS 0.75% · 73.6th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.75%
73.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| portainer | portainer | 0 |
Timeline
- Feb 11, 2022 EPSS Score
- Feb 11, 2022 CVE Published
- Feb 11, 2022 PoC Published
- Apr 4, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Jul 19, 2022 EPSS Score
- Nov 1, 2022 EPSS Score
- Dec 23, 2022 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 7, 2023 EPSS Score
- May 29, 2023 EPSS Score
References
- https://github.com/portainer/portainer/issues/6420 url
- https://github.com/portainer/agent/pull/225/commits/a66977c76043fcff4a8f69c4b65988272d27c01f url
- https://www.portainer.io/blog/should-you-expose-portainer-or-agent-to-the-internet url
- https://github.com/portainer/agent/compare/2.11.0...2.11.1 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-24961 advisory