CVE-2020-24264
First published: Tue Mar 16 2021(Updated: )
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Portainer Portainer | <=1.24.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Portainer?
The vulnerability ID of Portainer is CVE-2020-24264.
What is the severity of CVE-2020-24264?
The severity of CVE-2020-24264 is critical.
Which version of Portainer is affected by CVE-2020-24264?
Portainer version 1.24.1 and earlier are affected by CVE-2020-24264.
How can CVE-2020-24264 be exploited?
CVE-2020-24264 can be exploited by attackers to execute remote arbitrary code by bypassing the incorrect access control in Portainer.
Is there a fix available for CVE-2020-24264?
Yes, users should update Portainer to a version that has the fix for CVE-2020-24264 implemented.
- collector/nvd-index
- vendor/portainer
- canonical/portainer portainer
- version/portainer portainer/1.24.1