Server-Side Request Forgery in Harbor by GoHarbor
CVE-2020-13788

4.3 MEDIUM

Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 15 July 2020

Summary

Harbor prior to version 2.0.1 is susceptible to a Server-Side Request Forgery (SSRF) vulnerability. The flaw allows an attacker with edit permissions on projects to use the Harbor server to scan ports on internal hosts within Harbor's intranet. This unauthorized access can lead to further exploitation of internal resources, so users should upgrade to the latest version to keep their environments secure.

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
