CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
References
Link Resource
https://github.com/portainer/portainer/releases/tag/1.18.0 Issue Tracking Third Party Advisory
https://github.com/portainer/portainer/pull/1979 Issue Tracking Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:portainer:portainer:*:*:*:*:*:*:*:*

Information

Published : 2018-06-22 11:29

Updated : 2018-08-13 11:58


NVD link : CVE-2018-12678

Mitre link : CVE-2018-12678


JSON object : View

CWE
CWE-918

Server-Side Request Forgery (SSRF)

Advertisement

dedicated server usa

Products Affected

portainer

  • portainer