VYPR
Unrated severityOSV Advisory· Published Nov 20, 2018· Updated Sep 16, 2024

CVE-2018-19367

CVE-2018-19367

Description

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Portainer/PortainerOSV2 versions
    1.0.0, 1.0.1, 1.0.2, …+ 1 more
    • (no CPE)range: 1.0.0, 1.0.1, 1.0.2, …
    • (no CPE)range: <=1.19.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.