Lucene search

K
osv
GoogleOSV:GHSA-33P6-FX42-7RF5
HistoryFeb 11, 2022 - 11:17 p.m.

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)

2022-02-1123:17:02
Google
osv.dev
5

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

33.1%

Impact

Matt Hamilton from Soluble has discovered a limited Server-Side Request Forgery (SSRF) that allowed Harbor project owners to scan the TCP ports of hosts on the Harbor server’s internal network.

The vulnerability was immediately fixed by the Harbor team.

Issue

The “Test Endpoint” API, part of the functionality for ensuring a project Webhook is accessible and functional, is vulnerable to a limited SSRF attack. A malicious user that is also a project administrator can use this API for internal port scanning.

Known Attack Vectors

Successful exploitation of this issue will lead to bad actors identifying open TCP ports on any network that is accessible by the Harbor core services

Patches

If your product uses the affected releases of Harbor, update to version 2.0.1 to patch this issue immediately.

https://github.com/goharbor/harbor/releases/tag/v2.0.1

Workarounds

Since only project administrators (the user that created the project) are allowed to test the webhook endpoints configured in Harbor, a Harbor system administrator can control who is a project admin. In addition, Harbor system administrators can enforce a setting where only an administrator is allowed to create new projects instead of the default Everyone. This further restricts who can be a project administrator in Harbor.

For more information

If you have any questions or comments about this advisory, contact cncf-harbor-security@lists.cncf.io
View our security policy at https://github.com/goharbor/harbor/security/policy
https://nvd.nist.gov/vuln/detail/CVE-2020-13788
https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788

How to protect your server from attacks?

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

33.1%

Related for OSV:GHSA-33P6-FX42-7RF5