Linuxfoundation: >> Harbor >> 1.10.13 Security Vulnerabilities
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-08-02
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to
create jobs/stop job tasks and retrieve job task information.
CVSS Score
5.9
EPSS Score
0.003
Published
2023-11-09
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVSS Score
7.5
EPSS Score
0.786
Published
2023-01-13
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-09-30
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
CVSS Score
4.3
EPSS Score
0.007
Published
2020-07-15