GO-2022-0704
and 17 other vulnerabilities
GO-2022-0704 : Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
GO-2022-0781 : Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
GO-2022-0785 : "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
GO-2022-0818 : Missing Authorization in Harbor in github.com/goharbor/harbor
GO-2022-0853 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0863 : Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0865 : Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
GO-2022-0876 : Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0883 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2023-2109 : Harbor timing attack risk in github.com/goharbor/harbor
GO-2024-2915 : Open Redirect URL in Harbor in github.com/goharbor/harbor
GO-2024-2916 : SQL Injection in Harbor scan log API in github.com/goharbor/harbor
GO-2024-3013 : Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
GO-2025-3825 : Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor
GO-2025-3825 : Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor
GO-2025-3825 : Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor
GO-2025-3825 : Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor
GO-2025-3826 : Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor
Discover Packages
github.com/goharbor/harbor
src
core
auth
ldap
package
Version:
v1.8.0
Opens a new window with list of versions in this module.
Published: May 17, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 13
Opens a new window with list of imports.
Imported by: 40
Opens a new window with list of known importers.
Documentation
¶
Auth implements AuthenticateHelper interface to authenticate against LDAP
Authenticate checks user's credential against LDAP based on basedn template and LDAP URL,
if the check is successful a dummy record will be inserted into DB, such that this user can
be associated to other entities in the system.
OnBoardGroup -- Create Group in harbor DB, if altGroupName is not empty, take the altGroupName as groupName in harbor DB.
OnBoardUser will check if a user exists in user table, if not insert the user and
put the id in the pointer of user model, if it does exist, return the user's profile.
PostAuthenticate -- If user exist in harbor DB, sync email address, if not exist, call OnBoardUser
SearchGroup -- Search group in ldap authenticator, groupKey is LDAP group DN.
SearchUser -- Search user in ldap
¶
Click to show internal directories.
Click to hide internal directories.
Affected by 
Documentation
¶
Source Files