Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
History

Tue, 19 Nov 2024 16:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Linuxfoundation; Linuxfoundation harbor
Weaknesses | | CWE-863
CPEs | | cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:*
Vendors & Products | | Linuxfoundation; Linuxfoundation harbor

Thu, 14 Nov 2024 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 11:45:00 +0000

Type | Values Removed | Values Added
Description | | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
Title | | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs
Weaknesses | | CWE-285
References | |
Metrics | | cvssV3_1: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-11-14T11:42:22.373Z

Updated: 2024-11-14T14:10:27.403Z

Reserved: 2022-05-25T23:31:47.419Z

Link: CVE-2022-31671

Vulnrichment

Updated: 2024-11-14T14:10:13.631Z

NVD

Status: Analyzed

Published: 2024-11-14T12:15:17.250

Modified: 2024-11-19T15:40:44.150

Link: CVE-2022-31671

Redhat

No data.