Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linuxfoundation
Linuxfoundation harbor |
|
Weaknesses | CWE-863 | |
CPEs | cpe:2.3:a:linuxfoundation:harbor:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linuxfoundation
Linuxfoundation harbor |
Thu, 14 Nov 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 14 Nov 2024 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database. | |
Title | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs | |
Weaknesses | CWE-285 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-11-14T11:42:22.373Z
Updated: 2024-11-14T14:10:27.403Z
Reserved: 2022-05-25T23:31:47.419Z
Link: CVE-2022-31671
Vulnrichment
Updated: 2024-11-14T14:10:13.631Z
NVD
Status : Analyzed
Published: 2024-11-14T12:15:17.250
Modified: 2024-11-19T15:40:44.150
Link: CVE-2022-31671
Redhat
No data.