5 matches found
CVE-2023-20902
CVE-2023-20902 affects Harbor up to specific older branches: 2.6.x and below, 2.7.2 and below, 2.8.2 and below, and 1.10.17 and below. A timing condition in Harbor permits a remote attacker (network access) to create or stop job tasks and to retrieve job task information. No public details beyond...
CVE-2019-19030
The CVE-2019-19030 issue affects Harbor (Cloud Native Computing Foundation Harbor) prior to 1.10.3 and 2.x prior to 2.0.1. Root cause: unauthenticated API calls allow resource existence checks, enabling resource enumeration via HTTP status responses. Impact: information disclosure by revealing wh...
CVE-2024-22278
CVE-2024-22278 concerns Harbor where incorrect user permission validation in Harbor <v2.9.5 and Harbor
CVE-2020-13788
Harbor (goHarbor) prior to 2.0.1 is affected by a limited SSRF vulnerability (CVE-2020-13788). If a user with project-edit permissions can access the API endpoint used to test a project webhook, they can scan TCP ports on hosts inside Harbor’s intranet. The root cause is a vulnerable “Test Endpoi...
CVE-2017-17697
Harbor (ui/api/target.go) has an SSRF vulnerability in Ping() via the endpoint parameter to /api/targets/ping, affecting Harbor up to 1.3.0-rc4. Several connected sources confirm the issue and describe exploitation path leading to information disclosure; a remediation cited in Snyk is to upgrade ...