
    8 vulnerabilities found for Harbor by Harbor

    CVE-2026-4404 (GCVE-0-2026-4404)

    Vulnerability from nvd – Published: 2026-03-23 14:47 – Updated: 2026-03-24 15:25
    VLAI
    Title
    Use of hard coded credentials in GoHarbor Harbor
    Summary
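    Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI. Per the Harbor installation documentation referenced in this record, the default administrator credentials are the ones in effect when they were not changed in harbor.yml.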
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    • CWE-1393 - Use of Default Password
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 0.1.0 , ≤ 2.15.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.4,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-23T15:24:29.261835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1393",
                    "description": "CWE-1393 Use of Default Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T15:25:52.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-24T15:25:10.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/577436"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.15.0",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T14:47:13.396Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345"
            },
            {
              "url": "https://github.com/goharbor/harbor/issues/1937"
            },
            {
              "url": "https://cwe.mitre.org/data/definitions/1393.html"
            },
            {
              "url": "https://github.com/goharbor/harbor/pull/22751"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of hard coded credentials in GoHarbor Harbor",
          "x_generator": {
            "engine": "VINCE 3.0.34",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4404"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-4404",
        "datePublished": "2026-03-23T14:47:13.396Z",
        "dateReserved": "2026-03-18T19:43:57.063Z",
        "dateUpdated": "2026-03-24T15:25:10.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22278 (GCVE-0-2024-22278)

    Vulnerability from nvd – Published: 2024-08-02 00:59 – Updated: 2024-08-14 21:35
    VLAI
    Title
    Harbor fails to validate the user permissions when updating project configurations
    Summary
    Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    harbor harbor Affected: 2.9.4 , < v2.9.5 (custom)
    Affected: 2.10.2 , < v2.10.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T16:14:46.125656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:15:02.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "harbor",
              "vendor": "harbor",
              "versions": [
                {
                  "lessThan": "\u003cv2.9.5",
                  "status": "affected",
                  "version": "2.9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "\u003cv2.10.3",
                  "status": "affected",
                  "version": "2.10.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect user permission validation in Harbor \u0026lt;v2.9.5 and Harbor \u0026lt;v2.10.3 allows authenticated users to modify configurations."
                }
              ],
              "value": "Incorrect user permission validation in Harbor \u003cv2.9.5 and Harbor \u003cv2.10.3 allows authenticated users to modify configurations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T21:35:37.751Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-hw28-333w-qxp3"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Harbor fails to validate the user permissions when updating project configurations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22278",
        "datePublished": "2024-08-02T00:59:55.313Z",
        "dateReserved": "2024-01-08T18:43:18.959Z",
        "dateUpdated": "2024-08-14T21:35:37.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22261 (GCVE-0-2024-22261)

    Vulnerability from nvd – Published: 2024-06-10 23:25 – Updated: 2024-08-01 22:43
    VLAI
    Title
    SQL Injection in Harbor scan log API
    Summary
    SQL injection in Harbor allows privileged users to leak the task IDs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-566
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 2.8.1 , ≤ 2.8.5 (custom)
    Affected: 2.9.0 , ≤ 2.9.3 (custom)
    Affected: 2.10.0 , ≤ 2.10.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T19:29:24.478745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T20:26:08.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Harbor",
              "product": "Harbor",
              "repo": "https://github.com/goharbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.5",
                  "status": "affected",
                  "version": "2.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.9.3",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.10.1",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eSQL-Injection in Harbor allows priviledge users to leak the task IDs\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs"
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-566",
                  "description": "CWE-566",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T23:25:32.158Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection in Harbor scan log API",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22261",
        "datePublished": "2024-06-10T23:25:32.158Z",
        "dateReserved": "2024-01-08T18:43:17.077Z",
        "dateUpdated": "2024-08-01T22:43:34.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22244 (GCVE-0-2024-22244)

    Vulnerability from nvd – Published: 2024-06-10 23:02 – Updated: 2024-08-01 22:43
    VLAI
    Title
    Harbor Open Redirect URL
    Summary
    Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 2.8 , ≤ 2.8.4 (custom)
    Unknown: 2.9 , ≤ 2.9.2 (custom)
    Affected: 2.10 , ≤ 2.10.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T18:31:28.512933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T18:31:37.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:33.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Harbor",
              "repo": "https://github.com/goharbor/harbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.4",
                  "status": "affected",
                  "version": "2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.9.2",
                  "status": "unknown",
                  "version": "2.9",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Open Redirect in Harbor\u0026nbsp; \u0026lt;=v2.8.4, \u0026lt;=v2.9.2, and \u0026lt;=v2.10.0 may redirect a user to a malicious site."
                }
              ],
              "value": "Open Redirect in Harbor\u00a0 \u003c=v2.8.4, \u003c=v2.9.2, and \u003c=v2.10.0 may redirect a user to a malicious site."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T23:02:59.347Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Harbor Open Redirect URL",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22244",
        "datePublished": "2024-06-10T23:02:59.347Z",
        "dateReserved": "2024-01-08T18:43:03.535Z",
        "dateUpdated": "2024-08-01T22:43:33.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-4404 (GCVE-0-2026-4404)

    Vulnerability from cvelistv5 – Published: 2026-03-23 14:47 – Updated: 2026-03-24 15:25
    VLAI
    Title
    Use of hard coded credentials in GoHarbor Harbor
    Summary
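    Use of hard-coded credentials in GoHarbor Harbor version 2.15.0 and below allows attackers to use the default password and gain access to the web UI. Per the Harbor installation documentation referenced in this record, the default administrator credentials are the ones in effect when they were not changed in harbor.yml.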
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    • CWE-1393 - Use of Default Password
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 0.1.0 , ≤ 2.15.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 9.4,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-23T15:24:29.261835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-798",
                    "description": "CWE-798 Use of Hard-coded Credentials",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1393",
                    "description": "CWE-1393 Use of Default Password",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T15:25:52.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-03-24T15:25:10.390Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.kb.cert.org/vuls/id/577436"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Harbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.15.0",
                  "status": "affected",
                  "version": "0.1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-23T14:47:13.396Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345"
            },
            {
              "url": "https://github.com/goharbor/harbor/issues/1937"
            },
            {
              "url": "https://cwe.mitre.org/data/definitions/1393.html"
            },
            {
              "url": "https://github.com/goharbor/harbor/pull/22751"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of hard coded credentials in GoHarbor Harbor",
          "x_generator": {
            "engine": "VINCE 3.0.34",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4404"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2026-4404",
        "datePublished": "2026-03-23T14:47:13.396Z",
        "dateReserved": "2026-03-18T19:43:57.063Z",
        "dateUpdated": "2026-03-24T15:25:10.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-22278 (GCVE-0-2024-22278)

    Vulnerability from cvelistv5 – Published: 2024-08-02 00:59 – Updated: 2024-08-14 21:35
    VLAI
    Title
    Harbor fails to validate the user permissions when updating project configurations
    Summary
    Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    harbor harbor Affected: 2.9.4 , < v2.9.5 (custom)
    Affected: 2.10.2 , < v2.10.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T16:14:46.125656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:15:02.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "harbor",
              "vendor": "harbor",
              "versions": [
                {
                  "lessThan": "\u003cv2.9.5",
                  "status": "affected",
                  "version": "2.9.4",
                  "versionType": "custom"
                },
                {
                  "lessThan": "\u003cv2.10.3",
                  "status": "affected",
                  "version": "2.10.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect user permission validation in Harbor \u0026lt;v2.9.5 and Harbor \u0026lt;v2.10.3 allows authenticated users to modify configurations."
                }
              ],
              "value": "Incorrect user permission validation in Harbor \u003cv2.9.5 and Harbor \u003cv2.10.3 allows authenticated users to modify configurations."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-176",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-176 Configuration/Environment Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T21:35:37.751Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-hw28-333w-qxp3"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Harbor fails to validate the user permissions when updating project configurations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22278",
        "datePublished": "2024-08-02T00:59:55.313Z",
        "dateReserved": "2024-01-08T18:43:18.959Z",
        "dateUpdated": "2024-08-14T21:35:37.751Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22261 (GCVE-0-2024-22261)

    Vulnerability from cvelistv5 – Published: 2024-06-10 23:25 – Updated: 2024-08-01 22:43
    VLAI
    Title
    SQL Injection in Harbor scan log API
    Summary
    SQL-Injection in Harbor allows privileged users to leak the task IDs
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 2.8.1 , ≤ 2.8.5 (custom)
    Affected: 2.9.0 , ≤ 2.9.3 (custom)
    Affected: 2.10.0 , ≤ 2.10.1 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T19:29:24.478745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T20:26:08.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Harbor",
              "product": "Harbor",
              "repo": "https://github.com/goharbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.5",
                  "status": "affected",
                  "version": "2.8.1",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.9.3",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.10.1",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eSQL-Injection in Harbor allows priviledge users to leak the task IDs\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "SQL-Injection in Harbor allows priviledge users to leak the task IDs"
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "data"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-566",
                  "description": "CWE-566",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T23:25:32.158Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-vw63-824v-qf2j"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection in Harbor scan log API",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22261",
        "datePublished": "2024-06-10T23:25:32.158Z",
        "dateReserved": "2024-01-08T18:43:17.077Z",
        "dateUpdated": "2024-08-01T22:43:34.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22244 (GCVE-0-2024-22244)

    Vulnerability from cvelistv5 – Published: 2024-06-10 23:02 – Updated: 2024-08-01 22:43
    VLAI
    Title
    Harbor Open Redirect URL
    Summary
    Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Harbor Harbor Affected: 2.8 , ≤ 2.8.4 (custom)
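    Unknown: 2.9 , ≤ 2.9.2 (custom) (the record gives this range the status "unknown", although the summary lists <=v2.9.2 among the affected releases; confirm against the linked vendor advisory before treating 2.9.x as unaffected)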
    Affected: 2.10 , ≤ 2.10.0 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T18:31:28.512933Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T18:31:37.085Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:33.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Harbor",
              "repo": "https://github.com/goharbor/harbor",
              "vendor": "Harbor",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.4",
                  "status": "affected",
                  "version": "2.8",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.9.2",
                  "status": "unknown",
                  "version": "2.9",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.10.0",
                  "status": "affected",
                  "version": "2.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Open Redirect in Harbor\u0026nbsp; \u0026lt;=v2.8.4, \u0026lt;=v2.9.2, and \u0026lt;=v2.10.0 may redirect a user to a malicious site."
                }
              ],
              "value": "Open Redirect in Harbor\u00a0 \u003c=v2.8.4, \u003c=v2.9.2, and \u003c=v2.10.0 may redirect a user to a malicious site."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-10T23:02:59.347Z",
            "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
            "shortName": "vmware"
          },
          "references": [
            {
              "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-5757-v49g-f6r7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Harbor Open Redirect URL",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "assignerShortName": "vmware",
        "cveId": "CVE-2024-22244",
        "datePublished": "2024-06-10T23:02:59.347Z",
        "dateReserved": "2024-01-08T18:43:03.535Z",
        "dateUpdated": "2024-08-01T22:43:33.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }