Moderate severity · NVD Advisory · Published Sep 29, 2020 · Updated Aug 4, 2024

CVE-2020-13794

Description

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Harbor 1.9.x, 1.10.x, and 2.0.x expose sensitive information to unauthorized actors, allowing access to confidential data.

Vulnerability

Overview

According to the NVD entry [4], Harbor versions 1.9.*, 1.10.*, and 2.0.* allow Exposure of Sensitive Information to an Unauthorized Actor. The root cause is insufficient authorization checks on certain API endpoints that return sensitive data without proper authentication.

Exploitation

An attacker can exploit this vulnerability by sending crafted requests to affected Harbor instances without needing any prior authentication. The attack surface is network-based, requiring only access to the Harbor service.

Impact

Successful exploitation leads to disclosure of sensitive information such as configuration details, credentials, or other internal data, which could be leveraged for further attacks or unauthorized access.

Mitigation

Harbor has released version 2.0.3 which addresses this vulnerability [3]. Users are advised to upgrade to 2.0.3 or later. No workarounds are documented.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/goharbor/harbor (Go) | < 2.0.3 | 2.0.3 |
