Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.
References
Link | Resource |
---|---|
https://github.com/portainer/portainer/issues/4106 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-16T14:42:45
Updated: 2021-03-16T14:42:45
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-24264
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-03-16T15:15:12.607
Modified: 2021-03-23T18:53:26.503
Link: CVE-2020-24264
JSON object: View
Redhat Information
No data.
CWE