{"id":"CVE-2020-29662","details":"In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauthenticated path.","aliases":["BIT-harbor-2020-29662","GHSA-38r5-34mr-mvm7","GO-2022-0785"],"modified":"2026-03-13T22:14:32.996349Z","published":"2021-02-02T21:15:13.960Z","related":["GHSA-38r5-34mr-mvm7"],"references":[{"type":"ADVISORY","url":"https://github.com/goharbor/harbor/security/advisories/GHSA-38r5-34mr-mvm7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/goharbor/harbor","events":[{"introduced":"d0f3ddddab96f25b7c2de18e7aebf8f79c7b19cc"},{"fixed":"703debf691b67d75d55a24c7f8f88b36e0662845"},{"introduced":"0921beaf4cb2949b346a912daab871b41064cd83"},{"fixed":"fcc6751d5439da1b58f2553cb49b7db9bc3ad17a"}],"database_specific":{"versions":[{"introduced":"2.0"},{"fixed":"2.0.5"},{"introduced":"2.1.0"},{"fixed":"2.1.2"}]}}],"versions":["v2.0.0","v2.0.1","v2.0.1-rc1","v2.0.2","v2.0.2-rc1","v2.0.3","v2.0.3-rc1","v2.0.4","v2.0.4-rc1","v2.0.4-rc2","v2.1.0","v2.1.0-rc1","v2.1.0-rc2","v2.1.0-rc3","v2.1.0-tech-preview","v2.1.0-tech-prview","v2.1.1","v2.1.1-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-29662.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}