The Linux Foundation Harbor 1.10.3 Release Candidate 1

CPE Details

The Linux Foundation Harbor 1.10.3 Release Candidate 1
linuxfoundation
harbor
1.10.3
2020-07-17
14h42 +00:00
2020-07-17
14h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:linuxfoundation:harbor:1.10.3:rc1:*:*:*:*:*:*

Informations

Vendor

linuxfoundation

Product

harbor

Version

1.10.3

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-31670 2024-11-14 11h45 +00:00 Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.
7.7
High
CVE-2024-22278 2024-08-02 00h59 +00:00 Incorrect user permission validation in Harbor
6.4
Medium
CVE-2023-20902 2023-11-09 00h36 +00:00 A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,  Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.
6.5
Medium
CVE-2022-46463 2023-01-11 23h00 +00:00 An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."
7.5
High
CVE-2020-13794 2020-09-29 18h17 +00:00 Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.
4.3
Medium
CVE-2020-13788 2020-07-15 18h04 +00:00 Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.
4.3
Medium