Linuxfoundation

Harbor

23 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2022-31671

  • EPSS 0.31%
  • Published 14.11.2024 12:15:17
  • Last modified 19.11.2024 15:40:44

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious au...

7.7

CVE-2022-31670

  • EPSS 0.23%
  • Published 14.11.2024 12:15:17
  • Last modified 19.11.2024 15:20:54

Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacke...

7.7

CVE-2022-31669

  • EPSS 0.23%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:20:01

Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the a...

7.7

CVE-2022-31668

  • EPSS 0.11%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:25:25

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker coul...

6.4

CVE-2022-31667

  • EPSS 0.31%
  • Published 14.11.2024 12:15:16
  • Last modified 19.11.2024 15:25:29

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account i...

5.4

CVE-2022-31666

  • EPSS 0.19%
  • Published 14.11.2024 12:15:16
  • Last modified 20.02.2025 20:06:53

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users.  The attacker could modify Webhook policies configured in other projects.

4.3

CVE-2024-22278

  • EPSS 0.18%
  • Published 02.08.2024 01:15:23
  • Last modified 14.08.2024 22:15:04

Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.

5.5

CVE-2024-22261

  • EPSS 0.27%
  • Published 11.06.2024 00:15:13
  • Last modified 26.02.2025 20:23:31

SQL-Injection in Harbor allows priviledge users to leak the task IDs

6.1

CVE-2024-22244

  • EPSS 0.26%
  • Published 10.06.2024 23:15:49
  • Last modified 26.02.2025 20:23:31

Open Redirect in Harbor  <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.

6.5

CVE-2023-20902

Exploit
  • EPSS 0.3%
  • Published 09.11.2023 01:15:07
  • Last modified 21.11.2024 07:41:47

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,  Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.