5 matches found
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
CVE-2018-12678
Portainer prior to 1.18.0 is vulnerable: an unauthenticated request to the websocket /websocket/exec endpoint with an unvalidated id parameter can bypass access restrictions and enable server-side request forgery (SSRF). Public Red Hat/CNVD/OSV/etc. entries corroborate the vulnerability; remediat...
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...