Harbor Timing Issue (<=2.6.x,<=2.7.2,<=2.8.2,<=1.10.17)
CVE-2023-20902 Published on November 9, 2023
Timing attack risk in Harbor
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to
create jobs/stop job tasks and retrieve job task information.
Vulnerability Analysis
CVE-2023-20902 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Products Associated with CVE-2023-20902
Want to know whenever a new CVE is published for Linux Foundation Harbor? stack.watch will email you.
Affected Versions
Harbor Project Version <=Harbor 2.6.x, <=Harbor 2.7.2, <=Harbor 2.8.2, <=Harbor 1.10.17 is affected by CVE-2023-20902Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.