Home > Vulnerability Database > CVE-2022-31671

Mend.io Vulnerability Database

CVE-2022-31671

Good to know:

Date: May 26, 2022

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs - API call. By sending a request that attempts to read P2P preheat execution logs and specifying different job ids, malicious authenticated users could read all the job logs stored in the Harbor database. This issue was patched in 1.10.3,2.4.3,2.5.2

Language: Go

Severity Score

5.0

Related Resources (4)

Url: https://github.com/advisories/GHSA-q76q-q8hw-hmpw

Url: https://github.com/goharbor/harbor/commit/2eabbfbf1691ed99e6385ef307f25789e532e4e8

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31671

Url: https://www.mend.io/vulnerability-database/CVE-2022-31671

Severity Score

5.0

Top Fix

Upgrade Version

Upgrade to version v1.10.13,v2.4.3,v2.5.2

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31671

Good to know:

Date: May 26, 2022

Language: Go

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?