Vulnerabilities > Linuxfoundation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-14 | CVE-2022-31667 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | 6.4 |
| 2024-11-14 | CVE-2022-31668 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31669 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31670 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | 7.7 |
| 2024-11-14 | CVE-2022-31671 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. | 7.4 |
| 2024-09-02 | CVE-2024-20084 | Out-of-bounds Read vulnerability in multiple products In power, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
| 2024-09-02 | CVE-2024-20085 | Out-of-bounds Read vulnerability in multiple products In power, there is a possible out of bounds read due to a missing bounds check. | 4.4 |
| 2024-09-02 | CVE-2024-20089 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In wlan, there is a possible denial of service due to incorrect error handling. | 7.5 |
| 2024-08-02 | CVE-2024-22278 | Unspecified vulnerability in Linuxfoundation Harbor Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | 4.3 |
| 2024-06-06 | CVE-2024-5187 | Path Traversal vulnerability in Linuxfoundation Onnx 1.16.0 A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. | 8.8 |