Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Portainer HTTP Headers May Leak to Malicious Container Registries
Vulnerability Description
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
Portainer 信息泄露漏洞
Vulnerability Description
Portainer是Portainer开源的一款用于管理Docker环境和Docker主机的轻量级用户管理界面。 Portainer Community Edition 2.31.0之前版本和2.27.7之前版本存在信息泄露漏洞,该漏洞源于注册恶意容器注册表可能导致HTTP标头泄露。
CVSS Information
N/A
Vulnerability Type
N/A