CVE-2018-12678

2018-06-22T18:29:00
ID CVE-2018-12678
Type cve
Reporter cve@mitre.org
Modified 2018-08-13T18:58:00

Description

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.