CVE-2018-12678

Posted on by admin

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.

Source: CVE-2018-12678

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다