Use Of Hard-coded Credentials
GoHarbor Harbor is vulnerable to Use of Hard-coded Credentials. The vulnerability is due to the presence of default hard-coded credentials in the application, which allows an attacker to gain unauthorized access to the web UI using known passwords...
CVE-2026-4404
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
EUVD-2026-14455
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
CVE-2026-4404 Use of hard-coded credentials in GoHarbor Harbor
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
CVE-2026-4404
CVE-2026-4404 affects Harbor
GO-2022-0863 Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0883 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0865 Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor...
GO-2022-0853 SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor
SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor...
GO-2022-0818 Missing Authorization in Harbor in github.com/goharbor/harbor
Missing Authorization in Harbor in github.com/goharbor/harbor...
GO-2022-0781 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor...
GO-2022-0704 Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor...
GO-2024-3013 Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor
Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor...
GO-2024-2915 Open Redirect URL in Harbor in github.com/goharbor/harbor
Open Redirect URL in Harbor in github.com/goharbor/harbor...
GO-2024-2916 SQL Injection in Harbor scan log API in github.com/goharbor/harbor
SQL Injection in Harbor scan log API in github.com/goharbor/harbor...
Improper Authorization
github.com/goharbor/harbor is vulnerable to improper authorization. A remote authenticated attacker is able to revoke the permissions or impersonate a robot account due to improper validation of the user permissions when updating the robot account through the vulnerable updateV2Robot function...
Information Disclosure
github.com/goharbor/harbor is vulnerable to information disclosure. The vulnerability exists due to an enumeration vulnerability in the chartrepository.go file, allowing an unauthenticated attacker to gain access to the Harbor API and enumerate resources in the system...
Authorization Bypass
github.com/goharbor/harbor is vulnerable to authorization bypass. An attacker is able to gain unauthorized access to the catalog’s registry v2 API by using the path GET /v2/catalog/...
Unauthorised Admin User Account Creation
https://github.com/goharbor/harbor is vulnerable to unauthorized admin user account creation. During registration of a non-admin user, a request from a non-admin user to create an admin user account is not validated, allowing a low-privileged user to create an admin user account...