We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
Reserved 2022-05-25 | Published 2024-11-14 | Updated 2024-11-14 | Assigner vmwaregithub.com/...harbor/security/advisories/GHSA-q76q-q8hw-hmpw
github.com/...harbor/security/advisories/GHSA-3wpx-625q-22j7
Support options