exploitDog

CVE-2018-19367

Опубликовано: 20 нояб. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

Ссылки

https://github.com/lichti/shodan-portainer/
Exploit
Third Party Advisory
https://github.com/portainer/portainer/issues/2475
Exploit
Issue Tracking
Mitigation
Third Party Advisory
https://github.com/lichti/shodan-portainer/
Exploit
Third Party Advisory
https://github.com/portainer/portainer/issues/2475
Exploit
Issue Tracking
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:portainer:portainer:*:*:*:*:*:*:*:*

Версия до 1.19.2 (включая)

EPSS

Процентиль: 51%

0.00283

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2mq6-rxq2-qgxv

CVSS3: 9.8

github

больше 3 лет назад

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

EPSS

Процентиль: 51%

0.00283

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo