| id: GO-2022-0785 |
| modules: |
| - module: github.com/goharbor/harbor |
| versions: |
| - fixed: 2.0.5+incompatible |
| - introduced: 2.1.0+incompatible |
| - fixed: 2.1.2+incompatible |
| vulnerable_at: 2.1.2-rc1+incompatible |
| summary: '"catalog''s registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor' |
| cves: |
| - CVE-2020-29662 |
| ghsas: |
| - GHSA-38r5-34mr-mvm7 |
| references: |
| - advisory: https://github.com/goharbor/harbor/security/advisories/GHSA-38r5-34mr-mvm7 |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-29662 |
| - fix: https://github.com/goharbor/harbor/commit/3481722f140e1fdf6e6d290b0cd5c86e509feed4 |
| - fix: https://github.com/goharbor/harbor/commit/c7c409a8e5a8b3fd42841dda84759c9d77977853 |
| - fix: https://github.com/goharbor/harbor/pull/13676 |
| - web: https://github.com/goharbor/harbor/releases/tag/v2.0.5 |
| - web: https://github.com/goharbor/harbor/releases/tag/v2.1.2 |
| source: |
| id: GHSA-38r5-34mr-mvm7 |
| created: 2024-08-20T14:14:39.666119-04:00 |
| review_status: UNREVIEWED |
| unexcluded: NOT_IMPORTABLE |
