CNNVD-202507-3148 Information
CNNVD ID
CNNVD-202507-3148
Related CVE
- CNNVD Published: 2025-07-25
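Description (translated from Chinese)
Harbor is an open source registry from the Harbor project. It secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor versions before 2.13.1 and before 2.12.4 contain a security vulnerability caused by an ORM leak in the /api/v2.0/users endpoint, which may allow an administrator to leak users' password hashes and salt values.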
Description (English)
Harbor is an open source registry from the Harbor project. It protects artifacts through policies and role-based access control, ensures that images are scanned and free of vulnerabilities, and signs images as trusted. Harbor versions prior to 2.13.1 and prior to 2.12.4 have a security vulnerability that originates from an ORM leak at the /api/v2.0/users endpoint, which may lead to an administrator leaking user password hash and salt values.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Harbor
Published
2025-07-25
Last Modified
2026-02-24
References
https://github.com/goharbor/harbor/releases
https://github.com/goharbor/harbor/security/advisories/GHSA-h27m-3qw8-3pw8
https://goharbor.io/blog/
https://www.elttam.com/blog/plormbing-your-django-orm/
https://access.redhat.com/security/cve/cve-2025-30086
Patch
https://github.com/goharbor/harbor/releases