CVE-2017-17697

Published: Dec 15, 2017Modified: May 13, 2026

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 4.0

Source: NVD

Description

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.

Affected (6)

Products: Linuxfoundation: Harbor

Linuxfoundation

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linuxfoundation Harbor	Before 1.3.0
Linuxfoundation Harbor	Version 1.3.0
Linuxfoundation Harbor	Version 1.3.0 rc1
Linuxfoundation Harbor	Version 1.3.0 rc2
Linuxfoundation Harbor	Version 1.3.0 rc3
Linuxfoundation Harbor	Version 1.3.0 rc4

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://github.com/vmware/harbor/issues/3755

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/vmware/harbor/issues/3755

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.