HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2022-46463

CVSS 7.5v3.1pub. 2023-01-13upd. 2025-04-08

An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. NOTE: the vendor's position is that this "is clearly described in the documentation as a feature."

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Linuxfoundation Harbor

    APP
    Linuxfoundation
    1.1.0 – 2.5.3
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-31671HIGH7.4ten sam produkt

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat...

CVE-2022-31666HIGH7.7ten sam produkt

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, u...

CVE-2022-31668HIGH7.4ten sam produkt

Harbor fails to validate the user permissions when updating p2p preheat policies.Β By sending a request to upda...

CVE-2022-31670HIGH7.7ten sam produkt

Harbor fails to validate the user permissions when updating tag retention policies.Β  By sending a request to ...

CVE-2019-19025HIGH8.8ten sam produkt

Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows CSRF in the VMware Harbor Container R...

CVE-2022-46463 β€” Linuxfoundation β€” Harbor β€” HIGH β€” CVSS 7.5 | CVEbaza.pl