Vulnerability Description
CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password hash and salt values. The q URL parameter allows a user to filter users by any column, and filter password=~ could be abused to leak out a user's password hash character by character. An attacker with administrator access could exploit this to leak highly sensitive information stored in the Harbor database. All endpoints that support the q URL parameter are vulnerable to this ORM leak attack.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/goharbor/harbor/releases
- https://github.com/goharbor/harbor/security/advisories/GHSA-h27m-3qw8-3pw8
- https://goharbor.io/blog/
- https://www.elttam.com/blog/plormbing-your-django-orm/
FAQ
What is CVE-2025-30086?
CVE-2025-30086 is a vulnerability with a CVSS score of 4.9 (MEDIUM). CNCF Harbor 2.13.x before 2.13.1 and 2.12.x before 2.12.4 allows information disclosure by administrators who can exploit an ORM Leak present in the /api/v2.0/users endpoint to leak users' password ha...
How severe is CVE-2025-30086?
CVE-2025-30086 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-30086?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.