Lucene search

GoogleOSV:BIT-HARBOR-2020-29662

HistoryMar 06, 2024 - 10:53 a.m.

BIT-harbor-2020-29662

2024-03-0610:53:37

Google

osv.dev

harbor

software security

unauthenticated path

catalog's registry api

version 2.0.5

version 2.1.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.9%

JSON

In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.

CPENameOperatorVersion
harborge2.0.0
harborlt2.0.5
harborge2.1.0
harborlt2.1.2

Name	Operator	Version
harbor	ge	2.0.0
harbor	lt	2.0.5
harbor	ge	2.1.0
harbor	lt	2.1.2

References

github.com/goharbor/harbor/security/advisories/GHSA-38r5-34mr-mvm7

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for OSV:BIT-HARBOR-2020-29662