Known Vulnerabilities for Harbor by Linuxfoundation
Listed below are 10 of the newest known vulnerabilities associated with "Harbor" by "Linuxfoundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-29662 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | 5.3 - MEDIUM | 2021-02-02 | 2021-02-08 |
| CVE-2020-13794 | Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | 4.3 - MEDIUM | 2020-09-30 | 2021-07-21 |
| CVE-2020-13788 | Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts... | 4.3 - MEDIUM | 2020-07-15 | 2020-07-22 |
| CVE-2019-19029 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor C... | 7.2 - HIGH | 2020-03-20 | 2021-05-21 |
| CVE-2019-19026 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbo... | 4.9 - MEDIUM | 2020-03-20 | 2021-05-21 |
| CVE-2019-19025 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the... | 8.8 - HIGH | 2020-03-20 | 2021-05-19 |
| CVE-2019-19023 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harb... | 8.8 - HIGH | 2020-03-20 | 2021-05-19 |
| CVE-2019-16919 | Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API t... | 7.5 - HIGH | 2019-10-18 | 2020-04-01 |
| CVE-2019-16097 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, w... | 6.5 - MEDIUM | 2019-09-08 | 2020-08-24 |
| CVE-2019-3990 | A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be ... | 4.3 - MEDIUM | 2019-12-03 | 2020-08-24 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Linuxfoundation | Harbor | 2.2.0 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.2.0 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.2.0 | rc2 | All | All |
| Application | Linuxfoundation | Harbor | 2.2.0 | rc3 | All | All |
| Application | Linuxfoundation | Harbor | 2.2.0 | rc4 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.4 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.1.4 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.4 | rc2 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.3 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.1.3 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.3 | rc2 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.2 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.1.2 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.1 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.1.1 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.0 | - | All | All |
| Application | Linuxfoundation | Harbor | 2.1.0 | rc1 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.0 | rc2 | All | All |
| Application | Linuxfoundation | Harbor | 2.1.0 | rc3 | All | All |
| Application | Linuxfoundation | Harbor | 2.0.6 | - | All | All |