Skip to main content

Harbor

10 CVEs product

Monthly

CVE-2024-22278 Go MEDIUM PATCH This Month

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2024-22261 Go MEDIUM PATCH This Month

SQL-Injection in Harbor allows priviledge users to leak the task IDs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Harbor
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2024-22244 Go MEDIUM PATCH This Month

Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Harbor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20902 Go MEDIUM POC PATCH This Month

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Harbor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-13794 Go MEDIUM POC PATCH This Month

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2020-13788 Go MEDIUM POC PATCH This Month

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-3990 MEDIUM PATCH This Month

A User Enumeration flaw exists in Harbor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harbor
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2019-16919 HIGH PATCH This Week

Harbor API has a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Harbor Cloud Foundation Harbor Container Registry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-16097 Go MEDIUM POC PATCH THREAT This Month

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Harbor
NVD GitHub
CVSS 3.1
6.5
EPSS
23.3%
CVE-2017-17697 HIGH POC This Week

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
CVSS 3.1
8.6
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Harbor
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

SQL-Injection in Harbor allows priviledge users to leak the task IDs. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Harbor
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Harbor
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Harbor
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Harbor
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A User Enumeration flaw exists in Harbor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Harbor
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Harbor API has a Broken Access Control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Harbor Cloud Foundation +1
NVD GitHub
EPSS 23% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Harbor
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC This Week

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Harbor
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy