{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-29296", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T01:10:54.735Z", "dateReserved": "2024-03-19T00:00:00", "datePublished": "2024-04-10T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T14:27:53.162146"}, "descriptions": [{"lang": "en", "value": "A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://portainer.com"}, {"url": "https://github.com/ThaySolis/CVE-2024-29296"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-286", "lang": "en", "description": "CWE-286 Incorrect User Management"}]}], "affected": [{"vendor": "portainer", "product": "portainer", "cpes": ["cpe:2.3:a:portainer:portainer:2.19.4:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.19.4", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-22T18:55:19.097416Z", "id": "CVE-2024-29296", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T19:10:40.753Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.735Z"}, "title": "CVE Program Container", "references": [{"url": "http://portainer.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ThaySolis/CVE-2024-29296", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://portainer.com", "tags": ["x_transferred"]}, {"url": "https://github.com/ThaySolis/CVE-2024-29296", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:10:54.735Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-29296", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T18:55:19.097416Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:portainer:portainer:2.19.4:*:*:*:*:*:*:*"], "vendor": "portainer", "product": "portainer", "versions": [{"status": "affected", "version": "2.19.4"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-286", "description": "CWE-286 Incorrect User Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T18:51:18.271Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://portainer.com"}, {"url": "https://github.com/ThaySolis/CVE-2024-29296"}], "descriptions": [{"lang": "en", "value": "A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-10T14:27:53.162146"}}}, "cveMetadata": {"cveId": "CVE-2024-29296", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:10:54.735Z", "dateReserved": "2024-03-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-10T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:portainer:portainer:2.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "F2EA041E-ED2F-4E11-B20E-853AF3EEA140", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de enumeraci\u00f3n de usuarios en Portainer CE 2.19.4. Este problema ocurre durante el proceso de autenticaci\u00f3n del usuario, donde una diferencia en el tiempo de respuesta podr\u00eda permitir que un usuario remoto no autenticado determine si un nombre de usuario es v\u00e1lido o no."}], "id": "CVE-2024-29296", "lastModified": "2025-06-05T13:51:40.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-10T15:16:05.033", "references": [{"source": "[email protected]", "tags": ["Product"], "url": "http://portainer.com"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ThaySolis/CVE-2024-29296"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://portainer.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ThaySolis/CVE-2024-29296"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-286"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}