CPE Details
The Linux Foundation Harbor 1.1.0 Release Candidate 3
1.1.0
2020-04-01
13h03 +00:00
13h03 +00:00
2020-04-01
13h03 +00:00
13h03 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:linuxfoundation:harbor:1.1.0:rc3:*:*:*:*:*:*
Informations
Vendor
linuxfoundationProduct
harborVersion
1.1.0Update
rc3Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | 7.7 |
High |
||
| Incorrect user permission validation in Harbor 6.4 Medium | ||||
| A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. | 6.5 |
Medium |
||
| An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." | 7.5 |
High |
||
| Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists. | 5.3 |
Medium |
||
| Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.3 |
Medium |
||
| The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping. | 8.6 |
High |
2025©
tesweb SA
