Vulnerabilities > Linuxfoundation > Harbor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-13 | CVE-2022-46463 | Missing Authentication for Critical Function vulnerability in Linuxfoundation Harbor An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 7.5 |
| 2022-12-26 | CVE-2019-19030 | Unspecified vulnerability in Linuxfoundation Harbor Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | 5.3 |
| 2021-02-02 | CVE-2020-29662 | Cleartext Transmission of Sensitive Information vulnerability in Linuxfoundation Harbor In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path. | 5.3 |
| 2020-09-30 | CVE-2020-13794 | Missing Authorization vulnerability in Linuxfoundation Harbor Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | 4.3 |
| 2020-07-15 | CVE-2020-13788 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.3 |
| 2020-03-20 | CVE-2019-19029 | SQL Injection vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. | 7.2 |
| 2020-03-20 | CVE-2019-19026 | SQL Injection vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. | 4.9 |
| 2020-03-20 | CVE-2019-19025 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | 8.8 |
| 2020-03-20 | CVE-2019-19023 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. | 8.8 |
| 2019-12-03 | CVE-2019-3990 | Improper Privilege Management vulnerability in Linuxfoundation Harbor A User Enumeration flaw exists in Harbor. | 4.3 |