9 matches found
CVE-2022-31666
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
CVE-2022-31670
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in ...
CVE-2022-31671
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs sto...
CVE-2022-31669
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies config...
CVE-2022-31667
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a differen...
CVE-2024-22261
SQL injection in Harbor allows privileged users to leak the task IDs
CVE-2024-22278
Incorrect user permission validation in Harbor <v2.9.5 and Harbor
CVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other...
CVE-2024-22244
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and