8 matches found
CVE-2026-4404 Use of hard coded credentials in GoHarbor Harbor
Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI...
GO-2022-0865 Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor
Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor...
GO-2022-0818 Missing Authorization in Harbor in github.com/goharbor/harbor
Missing Authorization in Harbor in github.com/goharbor/harbor...
GO-2022-0704 Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor...
GO-2024-2916 SQL Injection in Harbor scan log API in github.com/goharbor/harbor
SQL Injection in Harbor scan log API in github.com/goharbor/harbor...
Improper Authorization
github.com/goharbor/harbor is vulnerable to improper authorization. A remote authenticated attacker is able to revoke the permissions or impersonate a robot account due to improper validation of the user permissions when updating the robot account through the vulnerable updateV2Robot function...
Authorization Bypass
github.com/goharbor/harbor is vulnerable to authorization bypass. An attacker is able to gain unauthorized access to the catalog’s registry v2 API by using the path GET /v2/catalog/...
Unauthorised Admin User Account Creation
https://github.com/goharbor/harbor is vulnerable to unauthorized admin user account creation. During registration of a non-admin user, a request from the non-admin user to create an admin user account is not validated, allowing a low-privileged user to create an admin user account...