Lucene search
K

5 matches found

CVE
CVE
added 2023/11/09 12:36 a.m.144 views

CVE-2023-20902

CVE-2023-20902 affects Harbor up to specific older branches: 2.6.x and below, 2.7.2 and below, 2.8.2 and below, and 1.10.17 and below. A timing condition in Harbor permits a remote attacker (network access) to create or stop job tasks and to retrieve job task information. No public details beyond...

6.5CVSS5.9AI score0.00373EPSS
CVE
CVE
added 2022/12/26 12:0 a.m.106 views

CVE-2019-19030

The CVE-2019-19030 issue affects Harbor (Cloud Native Computing Foundation Harbor) prior to 1.10.3 and 2.x prior to 2.0.1. Root cause: unauthenticated API calls allow resource existence checks, enabling resource enumeration via HTTP status responses. Impact: information disclosure by revealing wh...

5.3CVSS5.2AI score0.01891EPSS
CVE
CVE
added 2024/08/02 12:59 a.m.85 views

CVE-2024-22278

CVE-2024-22278 concerns Harbor where incorrect user permission validation in Harbor <v2.9.5 and Harbor

6.4CVSS5.4AI score0.00368EPSS
CVE
CVE
added 2020/07/15 8:4 p.m.70 views

CVE-2020-13788

Harbor (goHarbor) prior to 2.0.1 is affected by a limited SSRF vulnerability (CVE-2020-13788). If a user with project-edit permissions can access the API endpoint used to test a project webhook, they can scan TCP ports on hosts inside Harbor’s intranet. The root cause is a vulnerable “Test Endpoi...

4.3CVSS4.4AI score0.01278EPSS
CVE
CVE
added 2017/12/15 9:0 a.m.61 views

CVE-2017-17697

Harbor (ui/api/target.go) has an SSRF vulnerability in Ping() via the endpoint parameter to /api/targets/ping, affecting Harbor up to 1.3.0-rc4. Several connected sources confirm the issue and describe exploitation path leading to information disclosure; a remediation cited in Snyk is to upgrade ...

8.6CVSS8.5AI score0.01389EPSS
Web