cvedb.io
CVE-2018-19367
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-11-20T09:29:05.053 · Last modified 2026-06-17T01:49:13.210

Summary

Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it was already created. Attackers can set an admin password in the 404 case.

Affected products

portainer — portainer

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.