Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1oMjdtLTNxdzgtM3B3OM4ABKdH

Moderate EPSS: 0.00028% (0.06051 Percentile) EPSS:
Permalink JSON

Possible ORM Leak Vulnerability in the Harbor

Affected Packages Affected Versions Fixed Versions
go:github.com/goharbor/harbor < 2.4.0-rc1.0.20250331071157-dce7d9f5cffb, >= 2.4.0-rc1.1, < 2.12.4, = 2.13.0 2.4.0-rc1.0.20250331071157-dce7d9f5cffb, 2.12.4, 2.13.1
0 Dependent packages
4 Dependent repositories

Affected Version Ranges

All affected versions

1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.2, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 1.10.16, 1.10.17, 1.10.18, 1.10.19, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.4.0, 2.4.0-rc1, 2.4.0-rc2, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.10.0, 2.10.1, 2.10.2, 2.10.3, 2.11.0, 2.11.1, 2.11.2, 2.12.0, 2.12.1, 2.12.2, 2.12.3, 2.13.0

All unaffected versions

2.12.4, 2.13.1

Impact

Administrator users on Harbor could exploit an ORM Leak (https://www.elttam.com/blog/plormbing-your-django-orm/) vulnerability that was present in the /api/v2.0/users endpoint to leak users' password hash and salt values. This vulnerability was introduced into the application because the q URL parameter allowed the administrator to filter users by any column, and the filter password=~ could be abused to leak out a user's password hash character by character.

An attacker with administrator access could exploit this vulnerability to leak highly sensitive information stored on the Harbor database, as demonstrated in the attached writeup by the leaking of users' password hashes and salts. All endpoints that support the q URL parameter are vulnerable to this ORM leak attack, and could potentially be exploitable by lower privileged users to gain unauthorised access to other sensitive information.

Patches

No available

Workarounds

NA

References

Credit

[email protected]

References:

Identifiers

GHSA-h27m-3qw8-3pw8

CVE-2025-30086

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00028

EPSS Percentile: 0.06051

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/goharbor/harbor

Date and time

Published

6 days ago

Updated

4 days ago

API

JSON