CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
25.9%
Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login, This redirect_url can be an ambiguous URL and can be used to embed a phishing URL.
For example: if a user clicks the URL with a malicious redirect_url:
https://<harbor_hostnmae>/c/oidc/login?redirect_url=https://<redirect_domain>
It might redirect the current user without their knowledge to a malicious site, posing a potential risk.
To avoid this issue, the redirect_url should be checked if it is a local path when reading it from the original request URL.
//src/core/controllers/oidc.go
...
redirectURL := oc.Ctx.Request.URL.Query().Get("redirect_url")
if !utils.IsLocalPath(redirectURL) {
log.Errorf("invalid redirect url: %v", redirectURL)
oc.SendBadRequestError(fmt.Errorf("cannot redirect to other site"))
return
}
if err := oc.SetSession(redirectURLKey, redirectURL); err != nil {
...
When Harbor is configured with OIDC authentication and users log in via a link outside the Harbor server, it might be vulnerable to an open redirect attack. This attack only involves the OIDC Harbor user, if the current Harbor instance is not configured with OIDC auth, the redirect_url doesn’t exist and the Harbor instance is not vulnerable to the open redirect attack.
The following versions of Harbor are involved:
<=Harbor 2.8.4, <=Harbor 2.9.2, <= Harbor 2.10.0
Harbor 2.8.5, Harbor 2.9.3, Harbor 2.10.1
When the Harbor is configured with OIDC authentication, warn the user not to log into the Harbor through external links.
N/A
Thanks Arnaud Cordier ([email protected])
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
25.9%