Linuxfoundation Harbor
23 CVEs affecting Linuxfoundation Harbor. Latest disclosed: 2024-11-14. Critical: 0, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-19025 | High | 8.8 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2019-19023 | High | 8.8 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivo… |
| CVE-2017-17697 | High | 8.6 | 2017-12-15 | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. |
| CVE-2022-31670 | High | 7.7 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that bel… |
| CVE-2022-31666 | High | 7.7 | 2024-11-14 | Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users… |
| CVE-2022-46463 | High | 7.5 | 2023-01-13 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's… |
| CVE-2019-16919 | High | 7.5 | 2019-10-18 | Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unau… |
| CVE-2022-31671 | High | 7.4 | 2024-11-14 | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attemp… |
| CVE-2022-31668 | High | 7.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs t… |
| CVE-2019-19029 | High | 7.2 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal… |
| CVE-2019-16097 | Medium | 6.5 | 2019-09-08 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as aut… |
| CVE-2022-31669 | Medium | 6.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id th… |
| CVE-2022-31667 | Medium | 6.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By… |
| CVE-2024-22278 | Medium | 6.4 | 2024-08-02 | Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. |
| CVE-2023-20902 | Medium | 5.9 | 2023-11-09 | A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network acc… |
| CVE-2019-19030 | Medium | 5.3 | 2022-12-26 | Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP… |
| CVE-2020-29662 | Medium | 5.3 | 2021-02-02 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. |
| CVE-2019-19026 | Medium | 4.9 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivot… |
| CVE-2024-22244 | Medium | 4.3 | 2024-06-10 | Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. |
| CVE-2020-13794 | Medium | 4.3 | 2020-09-30 | Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. |