Server side request forgery (ssrf)

2018-06-2218:29:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

CPENameOperatorVersion
portainerlt1.18.0

CPE	Name	Operator	Version
	portainer	lt	1.18.0

References

github.com/portainer/portainer/pull/1979

github.com/portainer/portainer/releases/tag/1.18.0