HIGH🇬🇧 English

CVE-2022-31671

CVSS 7.4v3.1pub. 2024-11-14upd. 2024-11-19

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
  • Linuxfoundation Harbor

    APP
    Linuxfoundation
    2.0.0 – 2.4.3 (bez)2.5.0 – 2.5.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-31670HIGH7.7ten sam produkt

Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to ...

CVE-2022-31666HIGH7.7ten sam produkt

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, u...

CVE-2022-31668HIGH7.4ten sam produkt

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to upda...

CVE-2022-46463HIGH7.5ten sam produkt

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image reposit...

CVE-2019-19025HIGH8.8ten sam produkt

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container R...