Docker · Docker · CVE-2025-49593
**Name of the Vulnerable Software and Affected Versions**
Portainer Community Edition versions prior to 2.31.0 (STS) and prior to 2.27.7 (LTS)
**Description**
The issue affects a lightweight service delivery platform for containerized applications, allowing management of Docker, Swarm, Kubernetes, and ACI environments. If an administrator is convinced to register a malicious container registry, or an existing registry is taken over, HTTP headers may be leaked, including registry authentication credentials or session tokens.
**Recommendations**
For versions prior to 2.31.0 (STS) and prior to 2.27.7 (LTS), update to version 2.31.0 (STS) or 2.27.7 (LTS) to resolve the issue. As a temporary workaround, consider restricting the registration of new container registries and monitoring existing ones for suspicious activity. Avoid using vulnerable registries until the issue is resolved.
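
A defender-side check for the recommendations above, as an added example that is not part of the advisory or of Portainer's code: it tests a version string against the fixed releases and flags registered registries whose host is not on an approved list. Treating 2.27.x as the LTS series, the `Name` and `URL` field names, and the sample data are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Fixed releases named in the advisory.
FIXED_STS = (2, 31, 0)
FIXED_LTS = (2, 27, 7)
# Assumption: 2.27.x is the LTS series; all other versions are compared with the STS fix.
LTS_SERIES = (2, 27)


def parse_version(text):
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version):
    """True if the version is older than the fixed release for its series."""
    v = parse_version(version)
    return v < FIXED_LTS if v[:2] == LTS_SERIES else v < FIXED_STS


def registry_host(url):
    # Registry URLs are often stored without a scheme, e.g. "registry.corp.example:5000".
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower()


def audit_registries(registries, approved_hosts):
    """Return (name, host) for each registered registry whose host is not approved."""
    approved = {h.lower() for h in approved_hosts}
    return [(r.get("Name", "?"), registry_host(r.get("URL", "")))
            for r in registries
            if registry_host(r.get("URL", "")) not in approved]


# Constructed sample of a registry list export (field names are assumptions).
SAMPLE = json.loads("""[
  {"Name": "internal", "URL": "registry.corp.example:5000"},
  {"Name": "new-mirror", "URL": "https://mirror.unknown.example/v2"}
]""")

if __name__ == "__main__":
    print("2.30.1 affected:", is_affected("2.30.1"))
    for name, host in audit_registries(SAMPLE, ["registry.corp.example"]):
        print(f"unapproved registry: {name} ({host})")
```
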