Harbor v2.6.3 multiple openssh and nginix vulnerabilities
search cancel

Harbor v2.6.3 multiple openssh and nginix vulnerabilities

book

Article ID: 420309

calendar_today

Updated On:

Products

VMware Telco Cloud Automation

Issue/Introduction

The reported vulnerability concerns the legacy, VM-based deployment of Harbor 2.6.3, which was used in older TCP releases (e.g., TCP 3.0).

Environment

3.x

Cause

Deprecated openssh and nginix versions in the legacy VM-based deployment of Harbor 2.6.3

Resolution

TCP 5.0.1 now ships with Harbor 2.10.2. This version is based on a Cloud Native solution and is deployed as a CNF. See Harbor for CNFs Deployment and Configuration Guide
 
In contrast, Harbor 2.6.3 was originally intended for TCP 3.0. This is a VM-based solution where the customer is responsible for providing their own Photon or Linux VM. Since the VM and its operating system shell are not provided by VMware (Broadcom), the security of these components falls under the customer's responsibility.
Powered by Wolken Software