Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:linuxfoundation:harbor:2.1.6:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-31671 |
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database. Published: November 14, 2024; 7:15:17 AM -0500 |
V4.0:(not available) V3.1: 7.4 HIGH V2.0:(not available) |
CVE-2022-31670 |
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. Published: November 14, 2024; 7:15:17 AM -0500 |
V4.0:(not available) V3.1: 7.7 HIGH V2.0:(not available) |
CVE-2022-31669 |
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. Published: November 14, 2024; 7:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.7 HIGH V2.0:(not available) |
CVE-2022-31668 |
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. Published: November 14, 2024; 7:15:16 AM -0500 |
V4.0:(not available) V3.1: 7.7 HIGH V2.0:(not available) |
CVE-2022-31667 |
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. Published: November 14, 2024; 7:15:16 AM -0500 |
V4.0:(not available) V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2024-22278 |
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. Published: August 01, 2024; 9:15:23 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-46463 |
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature." Published: January 12, 2023; 7:15:09 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |