Websocket Endpoint Vulnerability in Portainer by Portainer
CVE-2018-12678
9.8CRITICAL
What is CVE-2018-12678?
Portainer versions before 1.18.0 are susceptible to vulnerabilities in their websocket endpoint, allowing remote attackers to exploit an unvalidated 'id' query parameter during unauthenticated requests to the /websocket/exec endpoint. This could potentially lead to unauthorized access, bypassing access controls, and conducting Server-Side Request Forgery (SSRF) attacks, which may compromise sensitive data or resources.
