Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:27 p.m.15 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS7.3AI score0.02308EPSS
Exploits0References1
OSV
OSV
added 2018/06/22 6:29 p.m.14 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.8AI score
Exploits0References2
NVD
NVD
added 2018/06/22 6:29 p.m.25 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.6AI score0.02308EPSS
Exploits0References2
CVE
CVE
added 2018/06/22 6:0 p.m.50 views

CVE-2018-12678

Portainer prior to 1.18.0 is vulnerable: an unauthenticated request to the websocket /websocket/exec endpoint with an unvalidated id parameter can bypass access restrictions and enable server-side request forgery (SSRF). Public Red Hat/CNVD/OSV/etc. entries corroborate the vulnerability; remediat...

9.8CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/22 6:0 p.m.23 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.6AI score0.02308EPSS
Exploits0References2
Rows per page
Query Builder