Linuxfoundation

Harbor

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.31%
  • Published 14.11.2024 12:15:17
  • Last modified 19.11.2024 15:40:44

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious au...

  • EPSS 0.23%
  • Published 14.11.2024 12:15:17
  • Last modified 19.11.2024 15:20:54

Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacke...

  • EPSS 0.23%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:20:01

Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the a...

  • EPSS 0.11%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:25:25

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker coul...

  • EPSS 0.31%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:25:29

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account i...

  • EPSS 0.19%
  • Published 14.11.2024 12:15:16
  • Last modified 20.02.2025 20:06:53

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

  • EPSS 0.18%
  • Published 02.08.2024 01:15:23
  • Last modified 14.08.2024 22:15:04

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.

  • EPSS 0.27%
  • Published 11.06.2024 00:15:13
  • Last modified 26.02.2025 20:23:31

SQL injection in Harbor allows privileged users to leak the task IDs

  • EPSS 0.26%
  • Published 10.06.2024 23:15:49
  • Last modified 26.02.2025 20:23:31

Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.

Exploit
  • EPSS 0.3%
  • Published 09.11.2023 01:15:07
  • Last modified 21.11.2024 07:41:47

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.