We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-31671

Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs



Description

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.

Reserved 2022-05-25 | Published 2024-11-14 | Updated 2024-11-14 | Assigner vmware


HIGH: 7.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-285

References

github.com/...harbor/security/advisories/GHSA-q76q-q8hw-hmpw

github.com/...harbor/security/advisories/GHSA-3wpx-625q-22j7

cve.org (CVE-2022-31671)

nvd.nist.gov (CVE-2022-31671)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-31671

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.