CVE-2025-10760 | Harness 3.3.0 lookup_repo.go LookupRepo url server-side request forgery

A vulnerability was found in Harness 3.3.0. It has been declared as critical. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery.

The identification of this vulnerability is CVE-2025-10760. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More