{"id":70587,"date":"2025-09-21T13:31:52","date_gmt":"2025-09-21T10:01:52","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-10760-harness-ssrf\/"},"modified":"2025-09-21T13:31:52","modified_gmt":"2025-09-21T10:01:52","slug":"cve-2025-10760-harness-ssrf","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-10760-harness-ssrf\/","title":{"rendered":"CVE-2025-10760 &#8211; Harness SSRF"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-10760<br \/>\n<br \/>\n<strong>Published : <\/strong> Sept. 21, 2025, 7:08 a.m. | 2\u00a0hours, 1\u00a0minute ago<br \/>\n<br \/>\n<strong>Description : <\/strong>A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app\/api\/controller\/gitspace\/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-10760 Published : Sept. 21, 2025, 7:08 a.m. | 2\u00a0hours, 1\u00a0minute ago Description : A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app\/api\/controller\/gitspace\/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-70587","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/70587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=70587"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/70587\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=70587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=70587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=70587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}