CVE-2017-17697

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
References
Link Resource
https://github.com/vmware/harbor/issues/3755 Exploit Third Party Advisory
https://github.com/vmware/harbor/issues/3755 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:harbor:1.3.0:-:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:harbor:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:harbor:1.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:harbor:1.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:harbor:1.3.0:rc4:*:*:*:*:*:*

History

21 Nov 2024, 03:18

Type Values Removed Values Added
References () https://github.com/vmware/harbor/issues/3755 - Exploit, Third Party Advisory () https://github.com/vmware/harbor/issues/3755 - Exploit, Third Party Advisory

Information

Published : 2017-12-15 09:29

Updated : 2024-11-21 03:18


NVD link : CVE-2017-17697

Mitre link : CVE-2017-17697

CVE.ORG link : CVE-2017-17697


JSON object : View

Products Affected

linuxfoundation

  • harbor
CWE
CWE-918

Server-Side Request Forgery (SSRF)