Websocket Endpoint Vulnerability in Portainer by Portainer
CVE-2018-12678

9.8CRITICAL

Key Information:

Vendor

Portainer

Status
Portainer
Vendor
CVE Published:
22 June 2018

What is CVE-2018-12678?

Portainer versions before 1.18.0 are susceptible to vulnerabilities in their websocket endpoint, allowing remote attackers to exploit an unvalidated 'id' query parameter during unauthenticated requests to the /websocket/exec endpoint. This could potentially lead to unauthorized access, bypassing access controls, and conducting Server-Side Request Forgery (SSRF) attacks, which may compromise sensitive data or resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/portainer/portainer/pull/1979
x_refsource_CONFIRM
https://github.com/portainer/portainer/releases/tag/1.18.0
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.