Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 04 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Portainer
Portainer portainer
Weaknesses CWE-326
CPEs cpe:2.3:a:portainer:portainer:*:*:*:*:*:*:*:*
Vendors & Products Portainer
Portainer portainer
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Oct 2024 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 02 Oct 2024 04:45:00 +0000

Type Values Removed Values Added
Description Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-12-04T16:45:43.671Z

Reserved: 2024-04-25T00:00:00

Link: CVE-2024-33662

cve-icon Vulnrichment

Updated: 2024-10-02T13:46:45.882Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-02T05:15:11.643

Modified: 2025-05-21T18:07:02.313

Link: CVE-2024-33662

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.