harbor
Safeguard articles tagged "harbor" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Harbor Registry Privilege Escalation via Self-Registratio...
CVE-2019-16097 let attackers self-register as Harbor admins via a single API call. Here's the impact, affected versions, timeline, and how to remediate it.
Harbor Arbitrary File Overwrite via Chart Upload Path Tra...
CVE-2020-13788 let authenticated users overwrite arbitrary files on Harbor via path traversal in Helm chart uploads. Here's the impact, fix, and remediation steps.
Harbor CSRF Token Bypass Enabling Session Hijack (CVE-202...
CVE-2022-31663 let attackers bypass Harbor's CSRF protections to hijack authenticated sessions. Here's the impact, affected versions, and how to remediate.
Harbor Registry Security Configuration: A Complete Hardening Guide
Harbor is the most popular open-source container registry. Its security features are powerful but require deliberate configuration to be effective.
Container Registry Hardening: The 2022 Baseline
Your container registry is a signing oracle, a software distribution system, and a typosquat target rolled into one. Here is the hardening baseline for 2022.