Security information
Resolved security advisories are detailed in the following table:
| ID | Status | Problem details from upstream |
|---|---|---|
|  | Resolved | Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations. |
|  | Resolved | A user with an administrator, project_admin, or project_maintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database. |
|  | Resolved | Under OIDC authentication mode, there is a redirect_url parameter exposed in the URL which is used to redirect the current user to the defined location after the successful OIDC login. This redirect_url can be an ambiguous URL and can be used to embed a phishing URL. |