We found results for “


Good to know:


Date: May 26, 2022

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs - API call. By sending a request that attempts to read P2P preheat execution logs and specifying different job ids, malicious authenticated users could read all the job logs stored in the Harbor database. This issue was patched in 1.10.3,2.4.3,2.5.2

Language: Go

Severity Score

Severity Score

Top Fix


Upgrade Version

Upgrade to version v1.10.13,v2.4.3,v2.5.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us