GHSA-prh4-vhfh-24mj

ADVISORY - github

Summary

Impact

Harbor writes the configuration payload to the audit log when the configuration changes. As a result, ldap_search_password and oidc_client_secret are recorded in the audit log without being redacted.
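The class of fix for this weakness, shown as an added example (this is not Harbor's code or its actual patch): mask secret-bearing keys in a configuration payload before it reaches the audit log. The JSON payload shape, the function names `redact` and `RedactPayload`, and the mask string are assumptions; only the two key names come from this advisory.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Keys named in the advisory; a real allow/deny list would cover every secret-bearing setting.
var sensitiveKeys = map[string]bool{
	"ldap_search_password": true,
	"oidc_client_secret":   true,
}

const mask = "***REDACTED***" // assumed placeholder text

// redact walks a decoded JSON value and masks values stored under sensitive keys,
// including keys nested inside objects and arrays.
func redact(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, val := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				t[k] = mask
			} else {
				t[k] = redact(val)
			}
		}
	case []interface{}:
		for i := range t {
			t[i] = redact(t[i])
		}
	}
	return v
}

// RedactPayload returns the loggable form of a configuration payload. It fails
// closed: a body that does not parse as JSON is never echoed into the log.
func RedactPayload(raw []byte) string {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return `{"payload":"unparseable, omitted"}`
	}
	out, _ := json.Marshal(redact(doc)) // re-encoding decoded JSON cannot fail
	return string(out)
}

func main() {
	// Constructed sample payload, not taken from a real Harbor instance.
	body := []byte(`{"auth_mode":"oidc_auth","oidc_client_secret":"s3cr3t","ldap_search_password":"hunter2"}`)
	fmt.Println("audit: update configuration payload=" + RedactPayload(body))
}
```

Redacting at the point where the log entry is built, rather than when logs are read or exported, keeps the cleartext out of log storage and any downstream log shipping.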

Patches

Harbor v2.15.0, v2.14.3, v2.13.5

Workarounds

Disable the audit log configuration event in the Harbor Web Console: go to Administration -> Configuration -> Enable Audit Log Event Type, uncheck "Update Configuration", and click the "Save" button.

Common Weakness Enumeration (CWE)

Cleartext Storage of Sensitive Information

Insertion of Sensitive Information into Log File



CVSS SCORE

6.9 medium