cvelistv5 - cve-2024-22261

CVE-2024-22261 (GCVE-0-2024-22261)

Vulnerability from cvelistv5 – Published: 2024-06-10 23:25 – Updated: 2024-08-01 22:43

Summary

SQL-Injection in Harbor allows priviledge users to leak the task IDs

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-566

Assigner

vmware

References

URL

Tags

https://github.com/goharbor/harbor/security/advis…

Impacted products

	Vendor	Product	Version
	Harbor	Harbor	Affected: 2.8.1 , ≤ 2.8.5 (custom) Affected: 2.9.0 , ≤ 2.9.3 (custom) Affected: 2.10.0 , ≤ 2.10.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-12T19:29:24.478745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-12T20:26:08.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Harbor",
          "product": "Harbor",
          "repo": "https://github.com/goharbor",
          "vendor": "Harbor",
          "versions": [
            {
              "lessThanOrEqual": "2.8.5",
              "status": "affected",
              "version": "2.8.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.9.3",
              "status": "affected",
              "version": "2.9.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.10.1",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eSQL-Injection in Harbor allows priviledge users to leak the task IDs\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-566",
              "description": "CWE-566",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T23:25:32.158Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SQL Injection in Harbor scan log API",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2024-22261",
    "datePublished": "2024-06-10T23:25:32.158Z",
    "dateReserved": "2024-01-08T18:43:17.077Z",
    "dateUpdated": "2024-08-01T22:43:34.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL-Injection in Harbor allows priviledge users to leak the task IDs\"}, {\"lang\": \"es\", \"value\": \"La inyecci\\u00f3n SQL en Harbour permite a los usuarios con privilegios filtrar los ID de las tareas\"}]",
      "id": "CVE-2024-22261",
      "lastModified": "2024-11-21T08:55:54.960",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 2.7, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 1.4}]}",
      "published": "2024-06-11T00:15:13.790",
      "references": "[{\"url\": \"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\", \"source\": \"security@vmware.com\"}, {\"url\": \"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@vmware.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-566\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-22261\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-06-11T00:15:13.790\",\"lastModified\":\"2025-02-27T15:14:51.320\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL-Injection in Harbor allows priviledge users to leak the task IDs\"},{\"lang\":\"es\",\"value\":\"La inyecci\u00f3n SQL en Harbour permite a los usuarios con privilegios filtrar los ID de las tareas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-566\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.8.1\",\"versionEndExcluding\":\"2.8.6\",\"matchCriteriaId\":\"2A5F0D1B-6415-4FCE-B1A1-B063C291AD24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.9.0\",\"versionEndExcluding\":\"2.9.4\",\"matchCriteriaId\":\"50F4F7A5-1A16-4BAD-9890-DA65E0CC9638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.10.0\",\"versionEndExcluding\":\"2.10.2\",\"matchCriteriaId\":\"429DE716-B324-4AB0-B423-BE27288E33BB\"}]}]}],\"references\":[{\"url\":\"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:43:34.096Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22261\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-12T19:29:24.478745Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-12T19:29:28.852Z\"}}], \"cna\": {\"title\": \"SQL Injection in Harbor scan log API\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 2.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/goharbor\", \"vendor\": \"Harbor\", \"product\": \"Harbor\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.8.1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.8.5\"}, {\"status\": \"affected\", \"version\": \"2.9.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.9.3\"}, {\"status\": \"affected\", \"version\": \"2.10.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.10.1\"}], \"packageName\": \"Harbor\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"SQL-Injection in Harbor allows priviledge users to leak the task IDs\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eSQL-Injection in Harbor allows priviledge users to leak the task IDs\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-566\", \"description\": \"CWE-566\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-06-10T23:25:32.158Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-22261\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:43:34.096Z\", \"dateReserved\": \"2024-01-08T18:43:17.077Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-06-10T23:25:32.158Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

WID-SEC-W-2024-1263

Vulnerability from csaf_certbund - Published: 2024-05-30 22:00 - Updated: 2024-05-30 22:00

Summary

Harbor: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Harbor ist eine Registry, die die Docker Distribution erweitert, um Artefakte mit Richtlinien und rollenbasierter Zugriffskontrolle zu sichern.

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Harbor ausnutzen, um Informationen offenzulegen und um URLs zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Harbor ist eine Registry, die die Docker Distribution erweitert, um Artefakte mit Richtlinien und rollenbasierter Zugriffskontrolle zu sichern.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Harbor ausnutzen, um Informationen offenzulegen und um URLs zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1263 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1263.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1263 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1263"
      },
      {
        "category": "external",
        "summary": "GitHub Security Database vom 2024-05-30",
        "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
      },
      {
        "category": "external",
        "summary": "GitHub Security Database vom 2024-05-30",
        "url": "http://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7"
      }
    ],
    "source_lang": "en-US",
    "title": "Harbor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-30T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:09:42.852+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1263",
      "initial_release_date": "2024-05-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cv2.8.6",
                "product": {
                  "name": "Open Source Harbor \u003cv2.8.6",
                  "product_id": "T035120"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv2.9.4",
                "product": {
                  "name": "Open Source Harbor \u003cv2.9.4",
                  "product_id": "T035121"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv2.10.2",
                "product": {
                  "name": "Open Source Harbor \u003cv2.10.2",
                  "product_id": "T035122"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv2.9.3",
                "product": {
                  "name": "Open Source Harbor \u003cv2.9.3",
                  "product_id": "T035124"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv2.10.1",
                "product": {
                  "name": "Open Source Harbor \u003cv2.10.1",
                  "product_id": "T035125"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cv2.8.5",
                "product": {
                  "name": "Open Source Harbor \u003cv2.8.5",
                  "product_id": "T035126"
                }
              }
            ],
            "category": "product_name",
            "name": "Harbor"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-22261",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Harbor, die auf eine unzureichende Validierung und Bereinigung von Benutzereingaben zur\u00fcckzuf\u00fchren ist, was zu SQL-Injection f\u00fchrt. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2024-05-30T22:00:00.000+00:00",
      "title": "CVE-2024-22261"
    },
    {
      "cve": "CVE-2024-22244",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Harbor, die auf eine unzureichende URL-Validierung w\u00e4hrend der OIDC-Authentifizierung zur\u00fcckzuf\u00fchren ist und einen Open-Redirect-Angriff erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er b\u00f6sartige URLs erstellt, die Benutzer auf Phishing- oder b\u00f6sartige Websites umleiten."
        }
      ],
      "release_date": "2024-05-30T22:00:00.000+00:00",
      "title": "CVE-2024-22244"
    }
  ]
}

GHSA-VW63-824V-QF2J

Vulnerability from github – Published: 2024-06-02 22:32 – Updated: 2024-06-17 15:14

Summary

SQL Injection in Harbor scan log API

Details

Impact

A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API:

GET /api/v2.0/projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log

The SQL injection might happen in the code:

https://github.com/goharbor/harbor/blob/9b7c1a2274fbc5ea16e19a484532f86c08926577/src/pkg/task/task.go#L241

Because raw SQL executed in ormer.Raw(Sql).QueryRows() is PrepareStatement. In the driver of Postgres, one PrepareStatement must contain only ONE SQL command, see https://www.postgresql.org/docs/15/libpq-exec.html#LIBPQ-PQPREPARE. The SQL should start with:

SELECT * FROM task WHERE extra_attrs::jsonb->'report_uuids' @>

Adding a delete/update operation by appending malicious content to the current SQL is impossible. Furthermore, the query result of the task is just an intermediate result, the task ID is used to locate the job log file, and the response only contains the content of the job log file. so this vulnerability can be used to execute SQL functions, but it can't leak any useful information to the response.

Harbor >=v2.8.1, >=2.9.0, >=2.10.0 are impacted.

Patches

Harbor v2.8.6, v2.9.4, v2.10.2 fixes this issue.

Workarounds

There is no workaround for this issue.

Credits

Thanks Taisei Inoue (taisei.inoue@gmo-cybersecurity.com)

Severity ?

2.7 (Low)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/goharbor/harbor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.8.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/goharbor/harbor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/goharbor/harbor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.10.0"
            },
            {
              "fixed": "2.10.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-22261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-566"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-02T22:32:40Z",
    "nvd_published_at": "2024-06-11T00:15:13Z",
    "severity": "LOW"
  },
  "details": "### Impact\n\nA user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API:\n```\nGET /api/v2.0/projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log\n```\nThe SQL injection might happen in the code: \n\nhttps://github.com/goharbor/harbor/blob/9b7c1a2274fbc5ea16e19a484532f86c08926577/src/pkg/task/task.go#L241\n\nBecause raw SQL executed in ormer.Raw(Sql).QueryRows() is PrepareStatement. In the driver of Postgres, one PrepareStatement must contain only ONE SQL command, see https://www.postgresql.org/docs/15/libpq-exec.html#LIBPQ-PQPREPARE.  The SQL should start with:\n```\nSELECT * FROM task WHERE extra_attrs::jsonb-\u003e\u0027report_uuids\u0027 @\u003e\n```\nAdding a delete/update operation by appending malicious content to the current SQL is impossible. Furthermore, the query result of the task is just an intermediate result, the task ID is used to locate the job log file, and the response only contains the content of the job log file. so this vulnerability can be used to execute SQL functions, but it can\u0027t leak any useful information to the response.\n\nHarbor \u003e=v2.8.1, \u003e=2.9.0, \u003e=2.10.0 are impacted.\n\n### Patches\nHarbor v2.8.6, v2.9.4, v2.10.2 fixes this issue.\n\n### Workarounds\nThere is no workaround for this issue.\n\n### Credits\n\nThanks Taisei Inoue ([taisei.inoue@gmo-cybersecurity.com](mailto:taisei.inoue@gmo-cybersecurity.com))",
  "id": "GHSA-vw63-824v-qf2j",
  "modified": "2024-06-17T15:14:41Z",
  "published": "2024-06-02T22:32:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22261"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/goharbor/harbor"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2024-2916"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SQL Injection in Harbor scan log API"
}

FKIE_CVE-2024-22261

Vulnerability from fkie_nvd - Published: 2024-06-11 00:15 - Updated: 2025-02-27 15:14

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Summary

SQL-Injection in Harbor allows priviledge users to leak the task IDs

References

	URL	Tags
	security@vmware.com	https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j	Vendor Advisory

Impacted products

Vendor	Product	Version
linuxfoundation	harbor	*
linuxfoundation	harbor	*
linuxfoundation	harbor	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A5F0D1B-6415-4FCE-B1A1-B063C291AD24",
              "versionEndExcluding": "2.8.6",
              "versionStartIncluding": "2.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F4F7A5-1A16-4BAD-9890-DA65E0CC9638",
              "versionEndExcluding": "2.9.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "429DE716-B324-4AB0-B423-BE27288E33BB",
              "versionEndExcluding": "2.10.2",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs"
    },
    {
      "lang": "es",
      "value": "La inyecci\u00f3n SQL en Harbour permite a los usuarios con privilegios filtrar los ID de las tareas"
    }
  ],
  "id": "CVE-2024-22261",
  "lastModified": "2025-02-27T15:14:51.320",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "security@vmware.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-11T00:15:13.790",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-566"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2024-22261

Vulnerability from gsd - Updated: 2024-01-09 06:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-22261

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-22261"
      ],
      "id": "GSD-2024-22261",
      "modified": "2024-01-09T06:02:15.333772Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-22261",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-22261 (GCVE-0-2024-22261)

WID-SEC-W-2024-1263

GHSA-VW63-824V-QF2J

Impact

Patches

Workarounds

Credits

FKIE_CVE-2024-22261

GSD-2024-22261

Tags

Sightings

Nomenclature