Server-Side Request Forgery in VMware Harbor's Ping Function
CVE-2017-17697
8.6 HIGH
Summary
The Ping() function in the Harbor platform is vulnerable to Server-Side Request Forgery (SSRF). By manipulating the endpoint parameter sent to /api/targets/ping, an attacker can cause the server to send crafted requests on their behalf, potentially leading to unauthorized access to internal services. The root cause is insufficient validation of user-supplied input.
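The kind of validation the summary says is missing, as an added example (not Harbor's code and not its actual fix): a hypothetical validatePingEndpoint helper that checks an endpoint value before any request is sent. The policy (http/https only, no loopback, private, link-local, multicast or unspecified targets), the stubLookup resolver and all host names and addresses are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// stubLookup is constructed sample data standing in for DNS so the check runs offline.
func stubLookup(host string) ([]net.IP, error) {
	sample := map[string]string{
		"registry.example.test": "203.0.113.10", // TEST-NET-3, treated as public here
		"intranet.example.test": "10.0.0.5",     // RFC 1918 private
	}
	if a, ok := sample[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, errors.New("no such host")
}

// validatePingEndpoint (hypothetical helper) rejects endpoints that are not
// http(s) URLs or whose host is, or resolves to, an internal address.
func validatePingEndpoint(endpoint string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(endpoint)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return errors.New("endpoint must be a valid http(s) URL")
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	ips := []net.IP{net.ParseIP(host)}
	if ips[0] == nil { // not an IP literal: resolve and check every answer
		if ips, err = lookup(host); err != nil {
			return fmt.Errorf("cannot resolve %q: %w", host, err)
		}
	}
	for _, ip := range ips {
		if ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
			ip.IsLinkLocalUnicast() || ip.IsMulticast() {
			return fmt.Errorf("%s is not a public unicast address", ip)
		}
	}
	return nil
}

func main() {
	for _, e := range []string{"https://registry.example.test", "http://127.0.0.1:8080", "http://intranet.example.test"} {
		fmt.Printf("%-32s -> %v\n", e, validatePingEndpoint(e, stubLookup))
	}
}
```

A check like this only holds if the outgoing request connects to the address that was validated and does not follow redirects; otherwise a second DNS answer or a redirect can still point the request at an internal host.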
CVSS V3.1
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved