Affected by GO-2022-0704
and 12 other vulnerabilities
GO-2022-0704 : Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
GO-2022-0781 : Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
GO-2022-0785 : "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
GO-2022-0818 : Missing Authorization in Harbor in github.com/goharbor/harbor
GO-2022-0853 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0863 : Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0865 : Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
GO-2022-0876 : Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0883 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2023-2109 : Harbor timing attack risk in github.com/goharbor/harbor
GO-2024-2915 : Open Redirect URL in Harbor in github.com/goharbor/harbor
GO-2024-2916 : SQL Injection in Harbor scan log API in github.com/goharbor/harbor
GO-2024-3013 : Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
Discover Packages
github.com/goharbor/harbor
src
core
auth
uaa
package
Version:
v1.8.2-rc1
Opens a new window with list of versions in this module.
Published: Jul 19, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 11
Opens a new window with list of imports.
Imported by: 30
Opens a new window with list of known importers.
Documentation
Documentation
¶
Auth is the implementation of AuthenticateHelper to access uaa for authentication.
OnBoardUser will check if a user exists in user table, if not insert the user and
put the id in the pointer of user model, if it does exist, return the user's profile.
PostAuthenticate will check if user exists in DB, if not on Board user, if he does, update the profile.
SearchUser search user on uaa server, transform it to Harbor's user model
Source Files
¶
Click to show internal directories.
Click to hide internal directories.