Thayse Marques Solis

**Name of the Vulnerable Software and Affected Versions** Portainer CE version 2.19.4 **Description** A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a `username` is valid or not. This occurs due to a timing difference during the authentication process. **Recommendations** For Portainer CE version 2.19.4, consider restricting access to the authentication endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor user authentication attempts closely to detect potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.