Lucene search
+L

310 matches found

OpenVAS
OpenVAS
added 2018/08/06 12:0 a.m.51 views

Portainer UI No Authentication Vulnerability (HTTP)

The script checks if the Portainer Dashboard UI has no authentication enabled at the remote web server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/07/31 12:0 a.m.23 views

Portainer UI Detection (HTTP)

HTTP based detection of Portainer Dashboard/Web UI. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4AI score
Exploits0References2
Veracode
Veracode
added 2018/06/25 3:56 a.m.10 views

Sever Side Request Forgery (SSRF) Via Unauthorised Access To Docker API

github.com/portainer/portainer is vulnerable to unauthorized access to docker API. The access is granted as the application does not validate the endpoint access requests, allowing unauthorized users to access internal Docker API, consequently allowing an attacker to leverage sever side request...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/06/25 12:0 a.m.5 views

Portainer Access Restriction Bypass and Server-Side Request Forgery Vulnerabilities

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.18.0 that stems from the program's support for requests with unvalidated id query parameters. A remote attacker could use this...

9.8CVSS9.5AI score0.02308EPSS
Exploits0References1
Prion
Prion
added 2018/06/22 6:29 p.m.21 views

Server side request forgery (ssrf)

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

7.5CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/22 6:29 p.m.25 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.6AI score0.02308EPSS
Exploits0References2
OSV
OSV
added 2018/06/22 6:29 p.m.15 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.8AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/22 6:0 p.m.23 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.6AI score0.02308EPSS
Exploits0References2
CVE
CVE
added 2018/06/22 6:0 p.m.51 views

CVE-2018-12678

Portainer prior to 1.18.0 is vulnerable: an unauthenticated request to the websocket /websocket/exec endpoint with an unvalidated id parameter can bypass access restrictions and enable server-side request forgery (SSRF). Public Red Hat/CNVD/OSV/etc. entries corroborate the vulnerability; remediat...

9.8CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/06/15 2:58 p.m.27 views

Uber: [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth

Vulnerability description not provided...

7.1AI score
Exploits0
Rows per page
Query Builder