Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linuxfoundation harbor vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-16097
core/api/user.go in Harbor 1.7.0 up to and including 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround...
Linuxfoundation Harbor 1.7.0
Linuxfoundation Harbor 1.8.2
Linuxfoundation Harbor 1.9.0
Linuxfoundation Harbor 1.7.1
Linuxfoundation Harbor 1.8.0
Linuxfoundation Harbor 1.7.3
Linuxfoundation Harbor 1.7.4
Linuxfoundation Harbor 1.7.5
Linuxfoundation Harbor 1.7.2
Linuxfoundation Harbor 1.8.1
6 Github repositories
1 Article
4
CVSSv2
CVE-2019-3990
A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can be obtained via ...
Linuxfoundation Harbor
Linuxfoundation Harbor 1.9.0
Linuxfoundation Harbor 1.9.1
5
CVSSv2
CVE-2017-17697
The Ping() function in ui/api/target.go in Harbor up to and including 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
Linuxfoundation Harbor 1.3.0
Linuxfoundation Harbor
5
CVSSv2
CVE-2019-16919
Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did ...
Linuxfoundation Harbor
Linuxfoundation Harbor 1.9.0
Vmware Harbor Container Registry
Vmware Cloud Foundation -
4
CVSSv2
CVE-2019-19026
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
6.5
CVSSv2
CVE-2019-19029
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
6.5
CVSSv2
CVE-2019-19023
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
6.8
CVSSv2
CVE-2019-19025
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
NA
CVE-2019-19030
Cloud Native Computing Foundation Harbor prior to 1.10.3 and 2.x prior to 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.
Linuxfoundation Harbor
4
CVSSv2
CVE-2020-13788
Harbor before 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
Linuxfoundation Harbor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »