CVE-2018-19466

CRITICAL

Portainer <1.20.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19466. PoCs published by MauroEldritch.

AI-analyzed exploit summary This exploit PoC demonstrates an information leakage vulnerability in Portainer (CVE-2018-19466) where LDAP credentials are stored in plain text and can be retrieved via authenticated API calls. The script authenticates with provided credentials, retrieves a JWT token, and then fetches LDAP settings including the username, password, and host.

Description

A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

Exploits (1)

nomisec WORKING POC 11 stars
by MauroEldritch · poc
https://github.com/MauroEldritch/lempo

This exploit PoC demonstrates an information leakage vulnerability in Portainer (CVE-2018-19466) where LDAP credentials are stored in plain text and can be retrieved via authenticated API calls. The script authenticates with provided credentials, retrieves a JWT token, and then fetches LDAP settings including the username, password, and host.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Portainer (versions prior to the fix in portainer/portainer#2488)
Auth required
Prerequisites: Valid Portainer user credentials · Network access to Portainer API (default port 9000)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/portainer/portainer/pull/2488
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/portainer/portainer/releases
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/MauroEldritch/lempo

Scores

CVSS v3 9.8
EPSS 0.0372
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
portainer/portainer < 1.20.0
Published Mar 27, 2019
Tracked Since Feb 18, 2026