Go modules package
github.com/goharbor/harbor
pkg:golang/github.com/goharbor/harbor
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19025 | — | >= 1.7.0, < 1.8.6 | 1.8.6 | Mar 20, 2020 | Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform. | ||
| CVE-2019-16097 | — | >= 1.7.0, < 1.9.0-rc1 | 1.9.0-rc1 | Sep 8, 2019 | core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without app |
- CVE-2019-19025Mar 20, 2020affected >= 1.7.0, < 1.8.6fixed 1.8.6
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container Registry for the Pivotal Platform.
- CVE-2019-16097Sep 8, 2019affected >= 1.7.0, < 1.9.0-rc1fixed 1.9.0-rc1
core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without app
Page 2 of 2