exploitDog

product: "harbor"

Count: 76

| Source | ID | Vulnerability | CVSS3 | EPSS | Published |
|---|---|---|---|---|---|
| GitHub | GHSA-xx9w-464f-7h6f | Harbor fails to validate the user permissions when updating a robot account | 6.4 | 0% (Low) | almost 3 years ago |
| GitHub | GHSA-r864-28pw-8682 | Harbor fails to validate the user permissions when updating p2p preheat policies | 7.4 | 0% (Low) | 7 months ago |
| GitHub | GHSA-q9x4-q76f-5h5j | Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) | 5.3 | 33% (Medium) | more than 3 years ago |
| GitHub | GHSA-q9p8-33wc-h432 | Authenticated users can exploit an enumeration vulnerability in Harbor | 4.3 | 0% (Low) | about 4 years ago |
| GitHub | GHSA-q76q-q8hw-hmpw | Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs | 5 | 0% (Low) | almost 3 years ago |
| GitHub | GHSA-mq6f-5xh5-hgcf | Harbor timing attack risk | 5.9 | 0% (Low) | more than 1 year ago |
| GitHub | GHSA-hw28-333w-qxp3 | Harbor fails to validate the user permissions when updating project configurations | 5.5 | 0% (Low) | 11 months ago |
| GitHub | GHSA-9wvh-ff5f-xjpj | Missing Authorization in Harbor | 6.5 | 93% (Critical) | more than 3 years ago |
| GitHub | GHSA-8c6p-v837-77f6 | Harbor fails to validate the user permissions when updating tag immutability policies | 6.4 | 0% (Low) | almost 3 years ago |
| GitHub | GHSA-5c53-mg2q-8qhc | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 | 78% (High) | more than 2 years ago |
| GitHub | GHSA-58rv-96r6-2cpw | The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 | 0% (Low) | about 3 years ago |
| GitHub | GHSA-5757-v49g-f6r7 | Open Redirect URL in Harbor | 4.3 | 0% (Low) | about 1 year ago |
| GitHub | GHSA-38r5-34mr-mvm7 | "catalog's registry v2 api exposed on unauthenticated path in Harbor" | 5.3 | 0% (Low) | more than 3 years ago |
| GitHub | GHSA-3637-v6vq-xqqw | Harbor fails to validate the user permissions when updating tag retention policies | 7.7 | 0% (Low) | almost 3 years ago |
| GitHub | GHSA-33p6-fx42-7rf5 | Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) | 4.4 | 1% (Low) | more than 3 years ago |
| NVD | CVE-2024-22278 | Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | 6.4 | 0% (Low) | 11 months ago |
| NVD | CVE-2024-22244 | Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | 4.3 | 0% (Low) | about 1 year ago |
| NVD | CVE-2023-20902 | A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | 5.9 | 0% (Low) | more than 1 year ago |
| NVD | CVE-2022-46463 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." | 7.5 | 78% (High) | more than 2 years ago |
| NVD | CVE-2022-31671 | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database. | 7.4 | 0% (Low) | 7 months ago |
