Security information
The following security advisories have been resolved:
| ID | Status | Problem details from upstream |
|---|---|---|
| GHSA-hw28-333w-qxp3 | Resolved | Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations. |
| GHSA-vw63-824v-qf2j | Resolved | A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database. |
| GHSA-5757-v49g-f6r7 | Resolved | Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login. This redirect_url can be an ambiguous URL and can be used to embed a |