Unauthenticated WebSocket SSRF Vulnerability in Portainer
CVE-2018-12678 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
Learn more about our Web App Pen Testing.