CNNVD-202509-3211 Information

CNNVD ID

CNNVD-202509-3211

Related CVE

CVE-2025-10760

• CNNVD Published: 2025-09-21

Description (Chinese)

Harness是Harness开源的一个开发平台。 Harness 3.3.0版本存在代码问题漏洞，该漏洞源于文件app/api/controller/gitspace/lookup_repo.go中LookupRepo函数对参数url的错误操作，可能导致服务端请求伪造。

Description (English)

Harness is an open-source development platform for Harness. Version 3.3.0 of Harness has a code problem loophole, which stems from the error of the LookupRepo function in documentapp/api/controller/gitspace/lookup repo.go in relation to the parameter url, which may lead to the forgery of service-level requests.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Harness

Published

2025-09-21

Last Modified

2026-02-24

References

https://vuldb.com/?submit.646843 https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md#poc https://vuldb.com/?ctiid.325115 https://vuldb.com/?id.325115 https://access.redhat.com/security/cve/cve-2025-10760