First published: Wed Mar 27 2019(Updated: )
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Portainer Portainer | <1.20.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Portainer vulnerability is CVE-2018-19466.
The severity rating of CVE-2018-19466 is critical with a value of 9.8.
The affected software is Portainer before version 1.20.0.
This vulnerability allows LDAP credentials, corresponding to a master password, to be stored in cleartext and retrieved via API calls.
More information about this vulnerability can be found at the following references: [link1](https://github.com/MauroEldritch/lempo), [link2](https://github.com/portainer/portainer/pull/2488), [link3](https://github.com/portainer/portainer/releases).