CVE-2018-12678 – Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with a …

0

Vuln ID: CVE-2018-12678

Published:  2018-06-22  18:29:00Z

Description: Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

Source: NVD.NIST.GOV