Affected by GO-2022-0704
and 12 other vulnerabilities
GO-2022-0704 : Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
GO-2022-0781 : Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
GO-2022-0785 : "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
GO-2022-0818 : Missing Authorization in Harbor in github.com/goharbor/harbor
GO-2022-0853 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0863 : Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0865 : Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
GO-2022-0876 : Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0883 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2023-2109 : Harbor timing attack risk in github.com/goharbor/harbor
GO-2024-2915 : Open Redirect URL in Harbor in github.com/goharbor/harbor
GO-2024-2916 : SQL Injection in Harbor scan log API in github.com/goharbor/harbor
GO-2024-3013 : Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
Discover Packages
github.com/goharbor/harbor
src
common
token
package
Version:
v1.8.3-rc1
Opens a new window with list of versions in this module.
Published: Sep 16, 2019
License: Apache-2.0
Opens a new window with license information.
Imports: 10
Opens a new window with list of imports.
Imported by: 56
Opens a new window with list of known importers.
Documentation
Documentation
¶
type HToken struct {
jwt.Token
}
HToken htoken is a jwt token for harbor robot account,
which contains the robot ID, project ID and the access permission for the project.
It used for authn/authz for robot account in Harbor.
Raw get the Raw string of token
type RobotClaims struct {
jwt.StandardClaims
TokenID int64 `json:"id"`
ProjectID int64 `json:"pid"`
Access []*rbac .Policy `json:"access"`
}
RobotClaims implements the interface of jwt.Claims
Valid valid the claims "tokenID, projectID and access".
Source Files
¶
Click to show internal directories.
Click to hide internal directories.