Lucene search

GoogleOSV:CVE-2023-20902

HistoryNov 09, 2023 - 1:15 a.m.

CVE-2023-20902

2023-11-0901:15:07

Google

osv.dev

cve-2023-20902

timing condition

harbor 2.6.x

harbor 2.7.2

harbor 2.8.2

harbor 1.10.17

network access

job tasks

job task information

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.8%

JSON

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to
create jobs/stop job tasks and retrieve job task information.

CPENameOperatorVersion
harboreq2.7.2-rc1
harboreq2.7.1
harboreq2.7.1-rc1
harboreq2.7.2
harboreq2.7.0

Name	Operator	Version
harbor	eq	2.7.2-rc1
harbor	eq	2.7.1
harbor	eq	2.7.1-rc1
harbor	eq	2.7.2
harbor	eq	2.7.0

References

github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.8%

JSON

Related for OSV:CVE-2023-20902