Portainer.io
Aikido Vulnerability Scan found high CVE on portainer-ce:2.33.1-alpine #12857
Unanswered
gabicavalcante
asked this question in
Help
Replies: 1 comment 2 replies
-
|
Thanks @gabicavalcante we are looking into this |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
@gabicavalcante This is a very low probability of user impact for us, but we are going to get this resolved in our next LTS release |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @Nick-Portainer! We were not sure about how this vulnerability could impact Portainer, so we prefer to check with you :) |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Ask a Question!
Aikido reports 4 high CVEs on portainer-ce:2.33.1-alpine because of stdlib package (1.24.4).
The report points to vulnerabilities in Go’s stdlib that could allow attackers to access/modify system files or trigger path traversal, and it shows them affecting both /portainer and /docker binaries.
Do these CVEs actually affect Portainer in practice, or are they just present in the runtime without real exposure? And is there a patched release planned?
Beta Was this translation helpful? Give feedback.
All reactions