Tag
Portainer's authentication middleware accepts JWT bearer tokens passed as the `?token=<JWT>` URL query parameter on any authenticated API endpoint, leading to JWT leakage to logs and referrers, where a leaked token grants the full privileges of the user it was issued to, until the token expires.