Vulnerabilities > Linuxfoundation > Harbor

DATE CVE VULNERABILITY TITLE RISK
2019-12-03 CVE-2019-3990 Improper Privilege Management vulnerability in Linuxfoundation Harbor
A User Enumeration flaw exists in Harbor.
network
low complexity
linuxfoundation CWE-269
4.0
4.0
2019-10-18 CVE-2019-16919 Incorrect Default Permissions vulnerability in multiple products
Harbor API has a Broken Access Control vulnerability.
network
low complexity
linuxfoundation vmware CWE-276
5.0
5.0
2019-09-08 CVE-2019-16097 Missing Authorization vulnerability in Linuxfoundation Harbor
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration.
network
low complexity
linuxfoundation CWE-862
4.0
4.0
2017-12-15 CVE-2017-17697 Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
network
low complexity
linuxfoundation CWE-918
5.0
5.0