Harbor Security Vulnerabilities
2.7CVSS
3.5AI Score
0.0004EPSS
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious...
4.3CVSS
4.6AI Score
0.001EPSS
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task...
6.5CVSS
6.2AI Score
0.001EPSS
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a...
7.5CVSS
7.4AI Score
0.076EPSS
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource...
5.3CVSS
5.2AI Score
0.001EPSS
In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated...
5.3CVSS
5.3AI Score
0.001EPSS
Harbor 1.9. 1.10. and 2.0.* allows Exposure of Sensitive Information to an Unauthorized...
4.3CVSS
4.4AI Score
0.001EPSS
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's...
4.3CVSS
4.4AI Score
0.001EPSS
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal...
4.9CVSS
6AI Score
0.001EPSS
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal...
8.8CVSS
8.5AI Score
0.001EPSS
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal...
8.8CVSS
8.5AI Score
0.002EPSS
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal...
7.2CVSS
7.5AI Score
0.002EPSS
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via the "search"...
4.3CVSS
4.5AI Score
0.001EPSS
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper.....
7.5CVSS
7.4AI Score
0.001EPSS
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix:...
6.5CVSS
6.3AI Score
0.965EPSS
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to...
8.6CVSS
8.5AI Score
0.006EPSS