| Severity | CVSS | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| HIGH | 7.7 | CVE-2022-31666 | Harbor fails to validate user permissions while viewing, updating and deleting Webhook policies | >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| HIGH | 7.7 | CVE-2022-31670 | Harbor fails to validate the user permissions when updating tag retention policies | >= 1.0.0, < 1.10.13; >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| HIGH | 7.5 | CVE-2022-46463 | An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | >= 1.1.0, < 2.5.4 |
| HIGH | 7.4 | | User permission validation failure and disclosure of P2P preheat execution logs | >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| MEDIUM | 6.4 | | Harbor fails to validate the user permissions when updating a robot account | >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| MEDIUM | 6.4 | | Harbor fails to validate the user permissions when updating tag immutability policies | >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| MEDIUM | 5.9 | | Timing attack risk in Harbor | from 0, < 1.10.17; >= 2.6.0, < 2.6.5; >= 2.7.0, < 2.7.3; >= 2.8.0, < 2.8.3 |
| MEDIUM | 5.5 | | Harbor fails to validate the user permissions when updating project configurations | from 0, < 2.11.0 |
| MEDIUM | 5.3 | | "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor | >= 2.0.0, < 2.0.5; >= 2.1.0, < 2.1.2 |
| MEDIUM | 5.0 | | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs | >= 2.0.0, < 2.4.3; >= 2.5.0, < 2.5.2 |
| MEDIUM | 4.4 | CVE-2020-13788 | Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) in github.com/goharbor/harbor | from 0, < 2.0.1 |
| MEDIUM | 4.3 | | Harbor Open Redirect URL | >= 2.8.0, < 2.10.1 |
| MEDIUM | 4.3 | | Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor | >= 1.9.0, < 2.0.3 |
| MEDIUM | 4.1 | | Harbor's repository description page allows for XSS | from 0, < 2.11.3 |
| LOW | 2.7 | | SQL Injection in Harbor scan log API | >= 2.8.1, < 2.8.6; >= 2.9.0, < 2.9.4; >= 2.10.0, < 2.10.2 |