Vulnerabilities > Linuxfoundation > Harbor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-18 | CVE-2019-16919 | Incorrect Default Permissions vulnerability in multiple products Harbor API has a Broken Access Control vulnerability. | 5.0 |
| 2019-09-08 | CVE-2019-16097 | Missing Authorization vulnerability in Linuxfoundation Harbor core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. | 4.0 |
| 2017-12-15 | CVE-2017-17697 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 5.0 |