CPE-202D1FD7-85C8-4DBD-A3A9-F794114293D0 Detail

CPE Details

The Linux Foundation Harbor 2.0.3 Release Candidate 1

Vendor

linuxfoundation

Product

harbor

Version

2.0.3

Created

2020-10-29
15h52 +00:00

Modified

2020-10-29
15h52 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:linuxfoundation:harbor:2.0.3:rc1::::::

Informations

Vendor

linuxfoundation

Product

harbor

Version

2.0.3

Update

rc1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-31668	2024-11-14 11h56 +00:00	Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.	7.7	High
CVE-2022-31667	2024-11-14 11h50 +00:00	Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.	6.4	Medium
CVE-2022-31669	2024-11-14 11h48 +00:00	Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.	7.7	High
CVE-2022-31670	2024-11-14 11h45 +00:00	Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.	7.7	High
CVE-2022-31671	2024-11-14 11h42 +00:00	Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.	7.4	High
CVE-2024-22278	2024-08-02 00h59 +00:00	Incorrect user permission validation in Harbor	6.4	Medium
CVE-2022-46463	2023-01-11 23h00 +00:00	An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."	7.5	High
CVE-2020-29662	2021-02-02 19h54 +00:00	In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.	5.3	Medium

The Linux Foundation Harbor 2.0.3 Release Candidate 1

CPE Details

CPE Name: cpe:2.3:a:linuxfoundation:harbor:2.0.3:rc1:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:linuxfoundation:harbor:2.0.3:rc1::::::