GHSA-prh4-vhfh-24mj

ADVISORY - github

Summary

Impact

When the configuration is changed, Harbor writes the configuration payload to the audit log. The ldap_search_password and oidc_client_secret values are written to the audit log without being redacted.

Patches

Harbor v2.15.0, v2.14.3, v2.13.5

Workarounds

Disable the audit log event for configuration changes in the Harbor Web Console: go to Administration -> Configuration -> Enable Audit Log Event Type, uncheck "Update Configuration", and click the "Save" button.

Common Weakness Enumeration (CWE)

Cleartext Storage of Sensitive Information

Insertion of Sensitive Information into Log File
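The following is an added example, not Harbor's patch and not code from the advisory: one way to mask the two fields named under Impact before a configuration payload reaches a log sink. It assumes the payload is JSON; the function names, the mask string, and the nested "ldap" object in the sample are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

const mask = "***REDACTED***"

// The two keys the advisory names as logged without redaction.
var sensitiveKeys = map[string]bool{"ldap_search_password": true, "oidc_client_secret": true}

// redact walks decoded JSON and masks sensitive keys at any nesting depth.
func redact(v interface{}, hits *[]string) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, val := range t {
			if sensitiveKeys[strings.ToLower(k)] {
				t[k], *hits = mask, append(*hits, k)
				continue
			}
			t[k] = redact(val, hits)
		}
	case []interface{}:
		for i, val := range t {
			t[i] = redact(val, hits)
		}
	}
	return v
}

// RedactConfigPayload returns a log-safe payload and the sorted keys it masked.
// Input that is not valid JSON is replaced entirely (fail closed), never logged raw.
func RedactConfigPayload(raw []byte) (string, []string) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return mask, nil
	}
	var hits []string
	out, _ := json.Marshal(redact(doc, &hits))
	sort.Strings(hits)
	return string(out), hits
}

func main() {
	// Constructed sample payload; the values are placeholders, not real secrets.
	p := `{"auth_mode":"oidc_auth","oidc_client_secret":"s3cr3t","ldap":{"ldap_search_password":"p@ss"}}`
	fmt.Println(RedactConfigPayload([]byte(p)))
}
```

The returned key list can also be run over exported audit log payloads: a non-empty result on an existing entry means that entry carried one of these fields.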
