Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Harbor
(Linuxfoundation)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-02 | CVE-2024-22278 | Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | Harbor | 4.3 | ||
| 2023-01-13 | CVE-2022-46463 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." | Harbor | 7.5 | ||
| 2023-11-09 | CVE-2023-20902 | A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | Harbor | 6.5 | ||
| 2022-12-26 | CVE-2019-19030 | Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | Harbor | 5.3 | ||
| 2020-09-30 | CVE-2020-13794 | Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | Harbor | 4.3 | ||
| 2020-03-20 | CVE-2019-19026 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | Harbor, Vmware_harbor_registry | 4.9 | ||
| 2020-03-20 | CVE-2019-19029 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | Harbor, Vmware_harbor_registry | 7.2 | ||
| 2020-03-20 | CVE-2019-19023 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | Harbor, Vmware_harbor_registry | 8.8 | ||
| 2020-03-20 | CVE-2019-19025 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | Harbor, Vmware_harbor_registry | 8.8 | ||
| 2021-02-02 | CVE-2020-29662 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | Harbor | 5.3 |