CNNVD-202508-3506 Information

CNNVD ID

CNNVD-202508-3506

Related CVE

CVE-2025-58158

• CNNVD Published: 2025-08-29

Description (Chinese)

Harness是Harness开源的一个开发平台。 Harness 3.3.0之前版本存在安全漏洞，该漏洞源于上传路径清理不当，可能导致任意文件写入。

Description (English)

Harness is an open-source development platform for Harness. Prior to Harness 3.3.0, there was a security loophole, which stemmed from the inappropriate clean-up of the upload path, which could lead to any document being written.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Harness

Published

2025-08-29

Last Modified

2026-02-24

References

https://github.com/harness/harness/security/advisories/GHSA-w469-hj2f-jpr5 https://github.com/harness/harness/commit/21c5ce42ae13740b1cad47706c2ec85e72cc8c20 https://access.redhat.com/security/cve/cve-2025-58158 https://nvd.nist.gov/vuln/detail/CVE-2025-58158

Patch

https://github.com/harness/harness/releases