CNNVD-202507-3042 Information
CNNVD ID
CNNVD-202507-3042
Related CVE
- CNNVD Published: 2025-07-23
Description (Chinese)
Harbor是Harbor开源的一个开源注册表。通过策略和基于角色的访问控制来保护工件,确保图像被扫描并且没有漏洞,并将图像签名为可信的。 Harbor 2.11.2及之前版本、2.12.0-rc1版本和2.13.0-rc1版本存在跨站脚本漏洞,该漏洞源于信息标签页中的markdown字段可被利用注入XSS代码。
Description (English)
Harbor is an open source registration form for Harbor open source. Protect the work through strategic and role-based access controls to ensure that images are scanned and without loopholes and that images are signed as credible. Harbor 2.11.2 and previous versions, version 2.12.0-rc1 and version 2.13.0-rc1 have cross-site script holes, which stem from the use of the Markdown field in the information tab to inject XSS codes.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Harbor
Published
2025-07-23
Last Modified
2026-02-24
References
https://github.com/goharbor/harbor/commit/76c2c5f7cfd9edb356cbb373889a59cc3217a058 https://github.com/goharbor/harbor/commit/a13a16383a41a8e20f524593cb290dc52f86f088 https://github.com/goharbor/harbor/commit/f019430872118852f83f96cac9c587b89052d1e5 https://github.com/goharbor/harbor/security/advisories/GHSA-f9vc-vf3r-pqqq
Patch
https://github.com/goharbor/harbor/releases
Share on: