Linuxfoundation Harbor

23 CVEs affecting Linuxfoundation Harbor. Latest disclosed: 2024-11-14. Critical: 0, High: 10.

Top CVEs affecting Linuxfoundation Harbor
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-19025 | High | 8.8 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. |
| CVE-2019-19023 | High | 8.8 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivo… |
| CVE-2017-17697 | High | 8.6 | 2017-12-15 | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. |
| CVE-2022-31670 | High | 7.7 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that bel… |
| CVE-2022-31666 | High | 7.7 | 2024-11-14 | Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users… |
| CVE-2022-46463 | High | 7.5 | 2023-01-13 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's… |
| CVE-2019-16919 | High | 7.5 | 2019-10-18 | Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unau… |
| CVE-2022-31671 | High | 7.4 | 2024-11-14 | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attemp… |
| CVE-2022-31668 | High | 7.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs t… |
| CVE-2019-19029 | High | 7.2 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal… |
| CVE-2019-16097 | Medium | 6.5 | 2019-09-08 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as aut… |
| CVE-2022-31669 | Medium | 6.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id th… |
| CVE-2022-31667 | Medium | 6.4 | 2024-11-14 | Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By… |
| CVE-2024-22278 | Medium | 6.4 | 2024-08-02 | Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. |
| CVE-2023-20902 | Medium | 5.9 | 2023-11-09 | A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network acc… |
| CVE-2019-19030 | Medium | 5.3 | 2022-12-26 | Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP… |
| CVE-2020-29662 | Medium | 5.3 | 2021-02-02 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. |
| CVE-2019-19026 | Medium | 4.9 | 2020-03-20 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivot… |
| CVE-2024-22244 | Medium | 4.3 | 2024-06-10 | Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. |
| CVE-2020-13794 | Medium | 4.3 | 2020-09-30 | Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. |