Published: 20/11/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Portainer up to and including 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

Vulnerable Product	Search on Vulmon	Subscribe to Product
portainer portainer

This script search at shodan for portainer poorly configured and vulnerable

Responsible Disclosure Portainer - Check if admin already created by a public API endpoint CVE CVE-2018-19367 PRODUCT DESCRIPTION Portainer is an open-source lightweight management UI which allows you to easily manage your Docker hosts or Swarm clusters BACKGROUND Portainer until 1192 VULNERABILITY DETAILS Portainer provides an API endpoint (/api/users/admin/check) to veri

NVD-CWE-noinfo https://github.com/portainer/portainer/issues/2475 https://github.com/lichti/shodan-portainer/https://nvd.nist.gov https://github.com/lichti/shodan-portainer

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19367

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect