CVE-2024-29296

Name of the Vulnerable Software and Affected Versions Portainer CE version 2.19.4

Description A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This occurs due to a timing difference during the authentication process.

Recommendations For Portainer CE version 2.19.4, consider restricting access to the authentication endpoint to minimize the risk of exploitation until a patch is available. As a temporary workaround, monitor user authentication attempts closely to detect potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.