CVE-2024-29296

{"id": "CVE-2024-29296", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-10T15:16:05.033", "references": [{"url": "http://portainer.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/ThaySolis/CVE-2024-29296", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://portainer.com", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ThaySolis/CVE-2024-29296", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-286"}]}], "descriptions": [{"lang": "en", "value": "A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de enumeraci\u00f3n de usuarios en Portainer CE 2.19.4. Este problema ocurre durante el proceso de autenticaci\u00f3n del usuario, donde una diferencia en el tiempo de respuesta podr\u00eda permitir que un usuario remoto no autenticado determine si un nombre de usuario es v\u00e1lido o no."}], "lastModified": "2025-06-05T13:51:40.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:portainer:portainer:2.19.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2EA041E-ED2F-4E11-B20E-853AF3EEA140"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}