GO-2022-0865 Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor...

GO-2022-0818 Missing Authorization in Harbor in github.com/goharbor/harbor

Missing Authorization in Harbor in github.com/goharbor/harbor...

GO-2022-0704 Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

Unauthenticated users can exploit an enumeration vulnerability in Harbor CVE-2019-19030 in github.com/goharbor/harbor...

GO-2024-2916 SQL Injection in Harbor scan log API in github.com/goharbor/harbor

SQL Injection in Harbor scan log API in github.com/goharbor/harbor...

Improper Authorization

github.com/goharbor/harbor is vulnerable to improper authorization. A remote authenticated attacker is able to revoke the permissions or impersonate a robot account due to improper validation of the user permissions when updating the robot account through the vulnerable updateV2Robot function...