Lucene search
Veracode Vulnerability DatabaseVERACODE:27497HistoryOct 01, 2020 - 6:22 a.m.
Information Disclosure
2020-10-0106:22:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
44.8%
github.com/goharbor/harbor is vulnerable to information disclosure. An attacker is able to list all usernames and user IDs by sending a GET request to /api/users/search containing the parameter username and value _.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/goharbor/harbor | le | v2.0.2 | |
| github.com/goharbor/harbor | le | v2.1.0-tech-preview |
Related
cve
cve
CVE-2020-13794
2020-09-30 18:15:21
osv
osv
Authenticated users can exploit an enumeration vulnerability in Harbor
2021-05-24 16:58:06
CVE-2020-13794
2020-09-30 18:15:21
BIT-harbor-2020-13794
2024-03-06 10:53:48
cvelist
cvelist
CVE-2020-13794
2020-09-29 20:17:10
nessus
nessus
VMware Harbor User Enumeration (CVE-2020-13794)
2021-08-19 00:00:00
prion
prion
Design/Logic Flaw
2020-09-30 18:15:00
nvd
nvd
CVE-2020-13794
2020-09-30 18:15:21
github
github
Authenticated users can exploit an enumeration vulnerability in Harbor
2021-05-24 16:58:06