Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Linuxfoundation Subscribe
Filtered by product Harbor
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46463 1 Linuxfoundation 1 Harbor 2023-01-24 N/A 7.5 HIGH
** DISPUTED ** An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVE-2019-19030 1 Linuxfoundation 1 Harbor 2023-01-05 N/A 5.3 MEDIUM
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.
CVE-2020-13794 1 Linuxfoundation 1 Harbor 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.
CVE-2019-19026 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2021-05-21 4.0 MEDIUM 4.9 MEDIUM
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19029 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2021-05-21 6.5 MEDIUM 7.2 HIGH
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19023 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2021-05-19 6.5 MEDIUM 8.8 HIGH
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2019-19025 2 Linuxfoundation, Pivotal 2 Harbor, Vmware Harbor Registry 2021-05-19 6.8 MEDIUM 8.8 HIGH
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
CVE-2020-29662 1 Linuxfoundation 1 Harbor 2021-02-08 5.0 MEDIUM 5.3 MEDIUM
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.
CVE-2019-3990 1 Linuxfoundation 1 Harbor 2020-08-24 4.0 MEDIUM 4.3 MEDIUM
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search" functionality.
CVE-2019-16097 1 Linuxfoundation 1 Harbor 2020-08-24 4.0 MEDIUM 6.5 MEDIUM
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.
CVE-2020-13788 1 Linuxfoundation 1 Harbor 2020-07-22 4.0 MEDIUM 4.3 MEDIUM
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
CVE-2019-16919 2 Linuxfoundation, Vmware 3 Harbor, Cloud Foundation, Harbor Container Registry 2020-04-01 5.0 MEDIUM 7.5 HIGH
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.
CVE-2017-17697 1 Linuxfoundation 1 Harbor 2020-04-01 5.0 MEDIUM 8.6 HIGH
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.