URL Redirection to Untrusted Site ('Open Redirect') Affecting github.com/goharbor/harbor/src/core/controllers package, versions <2.8.5 >=2.9.0 <2.9.3 >2.10.0 <2.10.1
Threat Intelligence
EPSS
0.06% (28th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGOHARBORHARBORSRCCORECONTROLLERS-7242925
- published 11 Jun 2024
- disclosed 10 Jun 2024
- credit Arnaud Cordier
Introduced: 10 Jun 2024
CVE-2024-22244 Open this link in a new tabHow to fix?
Upgrade github.com/goharbor/harbor/src/core/controllers
to version 2.8.5, 2.9.3, 2.10.1 or higher.
Overview
Affected versions of this package are vulnerable to URL Redirection to Untrusted Site ('Open Redirect') via the URL redirection mechanism. An attacker can redirect a user to a malicious site by manipulating the URL parameters.
Workaround
When the Harbor is configured with OIDC authentication, warn the user not to log into the Harbor through external links.
References
CVSS Scores
version 3.1