11 matches found

RedhatCVE
added 2026/01/07 9:31 a.m. · 4 views

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...

CVSS 7.5 · AI score 6.7 · EPSS 0.00409
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-7413

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00409
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 10:33 a.m. · 8 views

CVE-2019-3990

A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction can be bypassed, and information about registered users can be obtained via the "search" functionality...

CVSS 4.3 · AI score 6.3 · EPSS 0.00307
Exploits 0 · References 1

Github Security Blog
added 2024/06/02 10:32 p.m. · 53 views

SQL Injection in Harbor scan log API

Impact: A user with an administrator, projectadmin, or projectmaintainer role could utilize and exploit SQL Injection to allow the execution of any Postgres function or the extraction of sensitive information from the database through this API: GET...

CVSS 5.5 · AI score 7.6 · EPSS 0.00469
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-20880 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: The issue arises from the failure to validate user permissions when updating a robot account that belongs to a project the authenticated user doesn’t have access to. By sending a request to update a...

CVSS 6.4 · AI score 6.9 · EPSS 0.00078
Exploits 0 · References 10

NVD
added 2019/10/18 12:15 p.m. · 12 views

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...

CVSS 7.5 · AI score 7.5 · EPSS 0.00409
Exploits 0 · References 3

Prion
added 2019/10/18 12:15 p.m. · 17 views

Improper access control

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...

CVSS 5 · AI score 7.4 · EPSS 0.00409
Exploits 0 · References 3 · Affected Software 2

Snyk
added 2019/10/18 12:15 p.m. · 1 views

Insecure Default

Overview: github.com/goharbor/harbor/src/core/api is a cloud native registry project that stores, signs, and scans content. Affected versions of this package are vulnerable to Insecure Default. Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to...

CVSS 7.5 · AI score 6.8 · EPSS 0.00409
Exploits 0 · References 2

CVE
added 2019/10/18 11:59 a.m. · 165 views

CVE-2019-16919

Harbor/CNCF Harbor API contains a Broken Access Control vulnerability (CVE-2019-16919). It can allow a project administrator to create a robot account with unauthorized push/pull permissions in a project they should not control. Affected components include Harbor API within Harbor Container Regis...

CVSS 7.5 · AI score 7.4 · EPSS 0.00409
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2019/10/18 11:59 a.m. · 12 views

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...

AI score 7.5 · EPSS 0.00409
Exploits 0 · References 3

Veracode
added 2019/10/18 5:31 a.m. · 30 views

Authentication Bypass

github.com/goharbor/harbor is vulnerable to authentication bypass. The vulnerability exists as an admin is able to create a robot account in another project through the Harbor API, leading to unauthorized access to push/pull/modify images in the target project...

CVSS 7.5 · AI score 2.4 · EPSS 0.00409
Exploits 0 · References 6 · Affected Software 1