Linuxfoundation: >> Harbor >> 1.10.17 Security Vulnerabilities
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-08-02
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
CVSS Score
7.5
EPSS Score
0.786
Published
2023-01-13
Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-09-30
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
CVSS Score
4.3
EPSS Score
0.007
Published
2020-07-15