📦

harbor

Vendor: linuxfoundation

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 39 Total Indexed

Avg. EPSS 8.51% Exploit Prob.

Latest CVE CVE-2022-31671 Nov 14

Security Vulnerability Index

Page 3 / 4

7.5 CVSS

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

EPSS: 0.41%

Severity: HIGH

Oct 18, 2019

6.5 CVSS

CVE-2019-16097

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without applying the fix: configure Harbor to use non-DB authentication backend such as LDAP.

EPSS: 93.58%

Severity: MEDIUM

Sep 08, 2019

8.6 CVSS

CVE-2017-17697

The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.

EPSS: 0.28%

Severity: HIGH

Dec 15, 2017

Displaying 3 of 39 Total Entries

1 2 3 4

Total 4 Sections