GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs Vulnerability ID: GHSA-PRH4-VHFH-24MJ CVSS Score: 5.3 Published: 2026-03-26 Harbor, an open-source cloud native registry, contains a Moderate severity vulnerability (CWE-532) in its audit logging subsystem. The application

GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

Vulnerability ID: GHSA-PRH4-VHFH-24MJ
CVSS Score: 5.3
Published: 2026-03-26

Harbor, an open-source cloud native registry, contains a Moderate severity vulnerability (CWE-532) in its audit logging subsystem. The application relies on an incomplete blacklist to redact sensitive data from configuration payloads. This failure causes LDAP passwords, specifically ldap_search_password, and OpenID Connect (OIDC) client secrets to be written to the database in plain text within the operation description field. This vulnerability allows authorized users with audit log access to retrieve enterprise directory credentials.

TL;DR

Harbor fails to properly redact sensitive configuration parameters from its audit logs. This exposes LDAP and OIDC credentials in plain text to any user with audit log read access, requiring an upgrade to version 2.15.0 and immediate rotation of exposed secrets.

Technical Details

Vulnerability Class: CWE-532: Insertion of Sensitive Information into Log File
Attack Vector: Authenticated Application Access (Audit Logs)
Impact: Exposure of External Directory Credentials (LDAP/OIDC)
Exploit Status: Unexploited / No Public PoC
Fix Approach: Deny-all / Complete Payload Removal from Logs
Key Vulnerable Component: src/pkg/auditext/event/config/config.go

Affected Systems

Harbor Container Registry (< 2.15.0)
Harbor: < 2.15.0 (Fixed in: 2.15.0)

Code Analysis

Commit: 85e7564

Fix: Adopt a deny-all approach for configuration audit logs by replacing payload interpolation with a static string.

Mitigation Strategies

Upgrade to Harbor v2.15.0 or later to completely remove configuration request payloads from audit logging.
Purge or manually redact historical configuration update entries within the audit_log database table.
Enforce the principle of least privilege for the LDAP service account used by Harbor.
Proactively monitor logs for unauthorized access attempts originating from Harbor-associated service accounts.

Remediation Steps:

Identify the current version of Harbor running in your environment.
Pull the Harbor v2.15.0 (or newer) release and apply the upgrade according to official documentation.
Connect to the Harbor backing database and query the audit_log table for rows where the op_desc field contains sensitive configuration data.
Delete or obfuscate the identified legacy log entries.
Generate new LDAP bind passwords and OIDC client secrets.
Update the new credentials in the Harbor management interface to ensure directory synchronization is maintained.

References

Read the full report for GHSA-PRH4-VHFH-24MJ on our website for more details including interactive diagrams and full exploit analysis.

GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

Vulnerability ID: GHSA-PRH4-VHFH-24MJ
CVSS Score: 5.3
Published: 2026-03-26

TL;DR

Technical Details

Vulnerability Class: CWE-532: Insertion of Sensitive Information into Log File
Attack Vector: Authenticated Application Access (Audit Logs)
Impact: Exposure of External Directory Credentials (LDAP/OIDC)
Exploit Status: Unexploited / No Public PoC
Fix Approach: Deny-all / Complete Payload Removal from Logs
Key Vulnerable Component: src/pkg/auditext/event/config/config.go

Affected Systems

Harbor Container Registry (< 2.15.0)
Harbor: < 2.15.0 (Fixed in: 2.15.0)

Code Analysis

Commit: 85e7564

Fix: Adopt a deny-all approach for configuration audit logs by replacing payload interpolation with a static string.

Mitigation Strategies

Upgrade to Harbor v2.15.0 or later to completely remove configuration request payloads from audit logging.
Purge or manually redact historical configuration update entries within the audit_log database table.
Enforce the principle of least privilege for the LDAP service account used by Harbor.
Proactively monitor logs for unauthorized access attempts originating from Harbor-associated service accounts.

Remediation Steps:

Identify the current version of Harbor running in your environment.
Pull the Harbor v2.15.0 (or newer) release and apply the upgrade according to official documentation.
Connect to the Harbor backing database and query the audit_log table for rows where the op_desc field contains sensitive configuration data.
Delete or obfuscate the identified legacy log entries.
Generate new LDAP bind passwords and OIDC client secrets.
Update the new credentials in the Harbor management interface to ensure directory synchronization is maintained.

References

Read the full report for GHSA-PRH4-VHFH-24MJ on our website for more details including interactive diagrams and full exploit analysis.

GHSA-PRH4-VHFH-24MJ: GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

TL;DR

Technical Details

Affected Systems

Code Analysis

Commit: 85e7564

Mitigation Strategies

References

Related Stories

Stop Copying Skills Between Claude Code, Cursor, and Codex

Agentic Architectures — Article 2: Advanced Coordination and Reasoning Patterns

Agentic Architectures — Article 1: The Agentic AI Maturity Model

Reimagining Creativity: Inside IdeaForge

GHSA-PRH4-VHFH-24MJ: GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

GHSA-PRH4-VHFH-24MJ: Information Exposure in Harbor Configuration Audit Logs

TL;DR

Technical Details

Affected Systems

Code Analysis

Commit: 85e7564

Mitigation Strategies

References

Related Stories

Stop Copying Skills Between Claude Code, Cursor, and Codex

Agentic Architectures — Article 2: Advanced Coordination and Reasoning Patterns

Agentic Architectures — Article 1: The Agentic AI Maturity Model

Reimagining Creativity: Inside IdeaForge