CVE-2020-13788
https://notcve.org/view.php?id=CVE-2020-13788
Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. Harbor versiones anteriores a 2.0.1, permite un ataque de tipo SSRF con esta limitación: un atacante con la capacidad de editar proyectos puede escanear puertos de hosts accesibles en la intranet del servidor Harbor • https://github.com/goharbor/harbor/releases https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788 https://www.youtube.com/watch?v=v8Isqy4yR3Q • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2019-19023
https://notcve.org/view.php?id=CVE-2019-19023
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 has a Privilege Escalation Vulnerability in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, presenta una Vulnerabilidad de Escalada de Privilegios en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://tanzu.vmware.com/security/cve-2019-19023 •
CVE-2019-19029
https://notcve.org/view.php?id=CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite una inyección SQL por medio de grupos de usuarios en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w https://tanzu.vmware.com/security/cve-2019-19029 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-19026
https://notcve.org/view.php?id=CVE-2019-19026
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite una inyección SQL por medio de cuotas de proyecto en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64 https://tanzu.vmware.com/security/cve-2019-19026 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-19025
https://notcve.org/view.php?id=CVE-2019-19025
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. Cloud Native Computing Foundation Harbor versiones anteriores a 1.8.6 y 1.9.3, permite un ataque de tipo CSRF en el VMware Harbor Container Registry para la Pivotal Platform. • https://github.com/goharbor/harbor/security/advisories https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6 https://tanzu.vmware.com/security/cve-2019-19025 • CWE-352: Cross-Site Request Forgery (CSRF) •