Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31670 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | N/A | 7.7 HIGH |
| Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects. | |||||
| CVE-2022-31669 | 1 Linuxfoundation | 1 Harbor | 2024-11-19 | N/A | 6.4 MEDIUM |
| Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | |||||
| CVE-2024-22278 | 1 Linuxfoundation | 1 Harbor | 2024-08-14 | N/A | 6.4 MEDIUM |
| Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations. | |||||