Vulnerabilities (CVE)

Filtered by vendor Linuxfoundation
Filtered by product Harbor
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20902 1 Linuxfoundation 1 Harbor 2023-11-16 N/A 6.5 MEDIUM
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.
CVE-2020-13794 1 Linuxfoundation 1 Harbor 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
Harbor 1.9.*, 1.10.*, and 2.0.* allow Exposure of Sensitive Information to an Unauthorized Actor.
CVE-2019-19026 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2021-05-21 4.0 MEDIUM 4.9 MEDIUM
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2020-29662 1 Linuxfoundation 1 Harbor 2021-02-08 5.0 MEDIUM 5.3 MEDIUM
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
CVE-2019-3990 1 Linuxfoundation 1 Harbor 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed, and information about registered users can be obtained via the "search" functionality.
CVE-2019-16097 1 Linuxfoundation 1 Harbor 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed versions: v1.7.6, v1.8.3, v1.9.0. Workaround without applying the fix: configure Harbor to use a non-DB authentication backend such as LDAP.
CVE-2020-13788 1 Linuxfoundation 1 Harbor 2020-07-22 4.0 MEDIUM 4.3 MEDIUM
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.