Vulnerabilities > Linuxfoundation > Harbor > 1.8.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-09 | CVE-2023-20902 | Race Condition vulnerability in Linuxfoundation Harbor A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | 6.5 |
| 2023-01-13 | CVE-2022-46463 | Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 |
| 2020-07-15 | CVE-2020-13788 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.0 |
| 2020-03-20 | CVE-2019-19029 | SQL Injection vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | 6.5 |
| 2020-03-20 | CVE-2019-19026 | SQL Injection vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | 4.0 |
| 2020-03-20 | CVE-2019-19025 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | 6.8 |
| 2020-03-20 | CVE-2019-19023 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | 6.5 |
| 2019-12-03 | CVE-2019-3990 | Improper Privilege Management vulnerability in Linuxfoundation Harbor A User Enumeration flaw exists in Harbor. | 4.0 |
| 2019-10-18 | CVE-2019-16919 | Incorrect Default Permissions vulnerability in multiple products Harbor API has a Broken Access Control vulnerability. | 5.0 |
| 2019-09-08 | CVE-2019-16097 | Missing Authorization vulnerability in Linuxfoundation Harbor core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. | 4.0 |