Lucene search
Veracode Vulnerability DatabaseVERACODE:7862HistoryNov 21, 2018 - 2:02 a.m.
Information Disclosure
2018-11-2102:02:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.003 Low
EPSS
Percentile
69.8%
github.com/portainer/portainer is vulnerable to information disclosure. The API endpoint /api/users/admin/check allows a remote attacker to determine if an admin user exists by analyzing server response code. An error 204 indicates an existing admin user while an error 404 indicates a non-existing admin user. This would then allow the attacker to set an admin password in the case of an error 404.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/portainer/portainer | eq | HEAD | |
| github.com/portainer/portainer | le | 1.19.2 |
Related
cvelist
cvelist
CVE-2018-19367
2022-10-03 16:21:56
openvas
openvas
Portainer UI No Administrator Vulnerability
2018-08-06 00:00:00
prion
prion
Design/Logic Flaw
2018-11-20 09:29:00
osv
osv
CVE-2018-19367
2018-11-20 09:29:05
nvd
nvd
CVE-2018-19367
2018-11-20 09:29:05
cve
cve
CVE-2018-19367
2022-10-03 16:21:56