Affected by GO-2022-0704
and 12 other vulnerabilities
GO-2022-0704 : Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
GO-2022-0781 : Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
GO-2022-0785 : "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
GO-2022-0818 : Missing Authorization in Harbor in github.com/goharbor/harbor
GO-2022-0853 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0863 : Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0865 : Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
GO-2022-0876 : Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0883 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2023-2109 : Harbor timing attack risk in github.com/goharbor/harbor
GO-2024-2915 : Open Redirect URL in Harbor in github.com/goharbor/harbor
GO-2024-2916 : SQL Injection in Harbor scan log API in github.com/goharbor/harbor
GO-2024-3013 : Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
Discover Packages
github.com/goharbor/harbor
src
core
auth
authproxy
package
Version:
v1.8.0
Opens a new window with list of versions in this module.
Published: May 17, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 13
Opens a new window with list of imports.
Imported by: 28
Opens a new window with list of known importers.
Documentation
Documentation
¶
Auth implements HTTP authenticator the required attributes.
The attribute Endpoint is the HTTP endpoint to which the POST request should be issued for authentication
Authenticate issues http POST request to Endpoint if it returns 200 the authentication is considered success.
OnBoardUser delegates to dao pkg to insert/update data in DB.
PostAuthenticate generates the user model and on board the user.
SearchUser returns nil as authproxy does not have such capability.
When AlwaysOnboard is set it always return the default model.
Source Files
¶
Directories
¶
Click to show internal directories.
Click to hide internal directories.