CVE-2025-10760
📋 TL;DR
This CVE describes a server-side request forgery (SSRF) vulnerability in Harness 3.3.0 that allows attackers to manipulate URL parameters in the LookupRepo function to make unauthorized requests from the vulnerable server. The vulnerability can be exploited remotely without authentication, potentially exposing internal systems and services. Organizations running Harness 3.3.0 are affected.
💻 Affected Systems
- Harness
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access internal services, exfiltrate sensitive data, or pivot to other systems by making the vulnerable server proxy requests to internal infrastructure.
Likely Case
Information disclosure from internal services, potential credential harvesting from metadata services, or limited internal network reconnaissance.
If Mitigated
Limited impact with proper network segmentation, egress filtering, and input validation controls in place.
🎯 Exploit Status
Proof of concept available in public repositories; exploitation appears straightforward based on published details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
Upgrade to a version beyond 3.3.0 if available; monitor Harness releases for security updates.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement strict validation and sanitization of URL parameters passed to the LookupRepo function
Network Segmentation
Restrict outbound network access from Harness servers to only necessary external services
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block SSRF patterns in URL parameters
- Monitor and alert on unusual outbound requests from Harness servers to internal or external systems
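The "Input Validation and Sanitization" workaround above is easiest to get wrong by checking the hostname string alone. The following Go function is an added example written for this page, not Harness code and not the real LookupRepo signature; it combines a scheme check, a host allowlist, and a check on every resolved address so that a hostname pointing at the metadata service or RFC 1918 space is rejected as well as a bare 169.254.169.254. The Resolver parameter is a hypothetical injection point so the logic can be exercised offline.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Resolver is injected so tests run offline; production passes net.LookupIP,
// which resolves DNS names and returns IP literals as-is without a query.
type Resolver func(host string) ([]net.IP, error)

// isForbiddenIP: loopback, link-local (cloud metadata at 169.254.169.254),
// RFC 1918 / ULA private ranges, multicast and the unspecified address.
func isForbiddenIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsPrivate() || ip.IsMulticast() || ip.IsUnspecified()
}

// ValidateRepoURL accepts only https URLs without embedded credentials whose host
// is allowlisted and whose every resolved address lies outside internal space.
func ValidateRepoURL(raw string, allowedHosts []string, resolve Resolver) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid url: %w", err)
	}
	if u.Scheme != "https" || u.User != nil {
		return fmt.Errorf("only https urls without credentials are accepted")
	}
	host := strings.ToLower(u.Hostname())
	allowed := false
	for _, h := range allowedHosts {
		allowed = allowed || host == strings.ToLower(h)
	}
	if !allowed {
		return fmt.Errorf("host %q is not allowlisted", host)
	}
	ips, err := resolve(host)
	if err != nil || len(ips) == 0 {
		return fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips {
		if isForbiddenIP(ip) {
			return fmt.Errorf("%q resolves to forbidden address %s", host, ip)
		}
	}
	return nil
}
```

Resolving at validation time and then connecting separately still leaves a window for a DNS answer to change; pinning the connection to the validated address (a custom dialer) closes it, and egress filtering at the network layer remains the backstop.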
🔍 How to Verify
Check if Vulnerable:
Check Harness version; if running 3.3.0, assume vulnerable. Test with controlled SSRF payloads to validate.
Check Version:
Check Harness configuration or deployment manifest for version information
Verify Fix Applied:
Verify Harness version is no longer 3.3.0; test SSRF payloads to confirm they are blocked or sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual outbound HTTP requests from Harness server
- Requests to internal IP addresses or metadata services
- Failed URL validation attempts
Network Indicators:
- Harness server making unexpected outbound connections
- Requests to internal-only services from external-facing Harness instances
SIEM Query:
source="harness" AND (url="*://169.254.169.254*" OR url="*://metadata.google.internal*" OR url="*://169.254.169.253*")