PT-2026-29917 · Go · Github.Com/Goharbor/Harbor

Published: 2026-03-26 · Updated: 2026-03-26

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

Harbor writes the configuration payload to the audit log whenever the configuration changes. As a result, the LDAP search password and the OIDC client secret are logged in the audit log without being redacted.
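
The defect described above is a missing redaction step between the configuration request body and the audit log writer. The following Go example is added here for illustration and is not Harbor's patch or code: it masks secret-bearing keys in a JSON payload before the payload is logged. The key names `ldap_search_password` and `oidc_client_secret`, the function names and the sample body are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed key names for the two secrets the advisory names; match them to the real schema.
var sensitiveKeys = map[string]bool{"ldap_search_password": true, "oidc_client_secret": true}

const mask = "***REDACTED***"

// redact masks the value of every sensitive key at any nesting depth (keys compared case-insensitively).
func redact(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, val := range t {
			t[k] = redact(val)
			if sensitiveKeys[strings.ToLower(k)] {
				t[k] = mask // replace the whole value, even if it is an object or list
			}
		}
	case []interface{}:
		for i := range t {
			t[i] = redact(t[i])
		}
	}
	return v
}

// RedactPayload returns text that is safe to pass to an audit logger.
// It fails closed: a body that cannot be parsed as JSON is never logged verbatim.
func RedactPayload(raw []byte) string {
	var v interface{}
	if err := json.Unmarshal(raw, &v); err != nil {
		return `{"payload":"omitted"}`
	}
	out, err := json.Marshal(redact(v))
	if err != nil {
		return `{"payload":"omitted"}`
	}
	return string(out)
}

func main() {
	// Constructed sample request body, not captured from a Harbor instance.
	body := []byte(`{"auth_mode":"ldap_auth","LDAP_Search_Password":"s3cr3t","nested":[{"oidc_client_secret":"abc"}]}`)
	fmt.Println(RedactPayload(body))
}
```

Redacting at the point where the payload is handed to the logger, rather than in each handler, keeps any later configuration endpoint from bypassing the mask.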

Patches

Harbor v2.15.0, v2.14.3, v2.13.5

Workarounds

Disable the audit log configuration event in the Harbor Web Console: go to Administration -> Configuration -> Enable Audit Log Event Type, uncheck "Update Configuration", and click the "Save" button.

Fix

Cleartext Storage of Sensitive Information

Insertion into Log File

Weakness Enumeration

Related Identifiers

GHSA-PRH4-VHFH-24MJ

Affected Products

Github.Com/Goharbor/Harbor