Lucene search

K
osvGoogleOSV:CVE-2018-12678
HistoryJun 22, 2018 - 6:29 p.m.

CVE-2018-12678

2018-06-2218:29:00
Google
osv.dev
4

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

70.7%

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

AI Score

9.8

Confidence

High

EPSS

0.003

Percentile

70.7%

Related for OSV:CVE-2018-12678