CVE-2024-22261 – SQL Injection in Harbor scan log API
https://notcve.org/view.php?id=CVE-2024-22261
SQL-Injection in Harbor allows priviledge users to leak the task IDs La inyección SQL en Harbour permite a los usuarios con privilegios filtrar los ID de las tareas • https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j • CWE-566: Authorization Bypass Through User-Controlled SQL Primary Key •
CVE-2024-22244 – Harbor Open Redirect URL
https://notcve.org/view.php?id=CVE-2024-22244
Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. Open Redirect en Harbor <=v2.8.4, <=v2.9.2 y <=v2.10.0 puede redirigir a un usuario a un sitio malicioso. • https://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-20902 – Timing attack risk in Harbor
https://notcve.org/view.php?id=CVE-2023-20902
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information. Una condición de sincronización en Harbor 2.6.x y anteriores, Harbor 2.7.2 y anteriores, Harbor 2.8.2 y anteriores y Harbor 1.10.17 y anteriores permite a un atacante con acceso a la red crear trabajos/detener tareas de trabajo y recuperar información de tareas de trabajo. . • https://github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •