← voltar
CVE-2025-10760

Harness lookup_repo.go LookupRepo server-side request forgery

CVSS 5.3 MEDIUMEPSS 0.3%CWE-918
A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
n/a · Harness

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.mdhttps://github.com/August829/Yu/blob/main/58ead8e7e08bfb019.md#pochttps://vuldb.com/?ctiid.325115https://vuldb.com/?id.325115https://vuldb.com/?submit.646843