We found results for “”
CVE-2022-31671
Good to know:
Date: May 26, 2022
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs - API call. By sending a request that attempts to read P2P preheat execution logs and specifying different job ids, malicious authenticated users could read all the job logs stored in the Harbor database. This issue was patched in 1.10.3,2.4.3,2.5.2
Language: Go
Severity Score
Severity Score
Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |