Question 1

What is CVE-2023-20902?

Accepted Answer

CVE-2023-20902 is a medium-severity software vulnerability (CWE-362) with a CVSS score of 5.9. A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,  Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to 
create jobs/stop job tasks and retrieve job task information.

Question 2

Is CVE-2023-20902 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 0%.

Question 3

What products does CVE-2023-20902 affect?

Accepted Answer

Tracked products affected include Harbor. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2023-20902?

Accepted Answer

Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version.

CVE-2023-20902

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information