SQL-Injection in Harbor allows priviledge users to leak the task IDs
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NLinuxfoundation Harbor
APPLinuxfoundation2.8.1 – 2.8.6 (bez)2.9.0 – 2.9.4 (bez)2.10.0 – 2.10.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
Powiązane podatności
CVE-2022-31671HIGH7.4ten sam produkt
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat...
CVE-2022-31666HIGH7.7ten sam produkt
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, u...
CVE-2022-31668HIGH7.4ten sam produkt
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to upda...
CVE-2022-31670HIGH7.7ten sam produkt
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to ...
CVE-2022-46463HIGH7.5ten sam produkt
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image reposit...