Portainer prior to 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote malicious users to bypass intended access restrictions or conduct SSRF attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
portainer portainer |