x/vulndb: potential Go vuln in github.com/portainer/portainer: CVE-2018-19466

[tatianab]

CVE-2018-19466 references github.com/portainer/portainer, which may be a Go module.

Description:
A vulnerability was found in Portainer before 1.20.0. Portainer stores LDAP credentials, corresponding to a master password, in cleartext and allows their retrieval via API calls.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2018-19466
• fix: feat(api): filter LDAP password from settings response portainer/portainer#2488
• web: https://github.com/portainer/portainer/releases
• web: https://github.com/MauroEldritch/lempo
• Imported by: https://pkg.go.dev/github.com/portainer/portainer?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/portainer/portainer
      vulnerable_at: 0.10.1
      packages:
        - package: n/a
cves:
    - CVE-2018-19466
references:
    - fix: https://github.com/portainer/portainer/pull/2488
    - web: https://github.com/portainer/portainer/releases
    - web: https://github.com/MauroEldritch/lempo

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports