VDB
CVE-2024-33662
CVE-2024-33662
PUBLISHED
CVSS 7.5 HIGH
Portainer improperly uses an encryption algorithm in the AesEncrypt function
EPSS 0.09% · 26.0th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.09%
26.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| portainer | portainer | 0, 0 |
| portainer | portainer | 0, 0 |
| github.com | portainer/portainer | 0, 0 |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
- CIRCL seen: CVE-2024-33662 (circl-sighting)
- https://www.portainer.io (circl)
- https://github.com/portainer/portainer/compare/2.20.1...2.20.2 (circl)
- https://github.com/portainer/portainer/issues/11737 (circl)
Timeline
- Oct 2, 2024 CVE Published
- Oct 2, 2024 EPSS Score
- Oct 2, 2024 PoC Published
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 9, 2024 EPSS Score
- Nov 28, 2024 EPSS Score
- Dec 4, 2024 CVE Updated
- Dec 18, 2024 EPSS Score
- Jan 7, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 14, 2025 EPSS Score
References
- https://www.portainer.io url
- https://github.com/portainer/portainer/compare/2.20.1...2.20.2 url
- https://github.com/portainer/portainer/issues/11737 url
- https://nvd.nist.gov/vuln/detail/CVE-2024-33662 advisory
- https://github.com/portainer/portainer package
- https://github.com/search?q=repo%3Aportainer%2Fportainer+EE-6764&type=pullrequests url
- https://pkg.go.dev/vuln/GO-2024-3172 url