CVE-2018-12678

Published: 2018-06-22T18:29Z

Last Modified: 2024-11-21T03:45Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt