Ncresswell

Name of the Vulnerable Software and Affected Versions: Portainer versions 1.24.1 and earlier Description: The issue is related to incorrect access control, which may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, allowing for the spawning of a container with a bind mount. This can be leveraged to break out of the container, leading to a complete takeover of the Docker host machine. Recommendations: For Portainer versions 1.24.1 and earlier, as a temporary workaround, consider disabling the bind mount feature until a patch is available. Restrict access to the Docker host machine to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.