Affected by GO-2022-0704
and 11 other vulnerabilities
GO-2022-0704 : Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
GO-2022-0785 : "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor
GO-2022-0818 : Missing Authorization in Harbor in github.com/goharbor/harbor
GO-2022-0853 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0863 : Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0865 : Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
GO-2022-0876 : Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2022-0883 : SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
GO-2023-2109 : Harbor timing attack risk in github.com/goharbor/harbor
GO-2024-2915 : Open Redirect URL in Harbor in github.com/goharbor/harbor
GO-2024-2916 : SQL Injection in Harbor scan log API in github.com/goharbor/harbor
GO-2024-3013 : Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
Discover Packages
github.com/goharbor/harbor
src
core
service
token
package
Version:
v1.7.7
Opens a new window with list of versions in this module.
Published: Aug 7, 2020
License: Apache-2.0
Opens a new window with license information.
Imports: 18
Opens a new window with list of imports.
Imported by: 160
Opens a new window with list of known importers.
Documentation
Documentation
¶
View Source
const (
Notary = "harbor-notary"
Registry = "harbor-registry"
)
InitCreators initialize the token creators for different services
MakeToken makes a valid jwt token based on parms.
Creator creates a token ready to be served based on the http request.
Handler handles request on /service/token, which is the auth provider for registry.
func (*Handler) Get ¶
Get handles GET request, it checks the http header for user credentials
and parse service and scope based on docker registry v2 standard,
checkes the permission against local DB and generates jwt token.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.