2024-11-19
:
Harbor, an open-source artifact registry, is vulnerable to an Insecure Direct Object Reference (IDOR) flaw (CVE-2022-31667). This vulnerability allows an attacker with access to update a robot account to revoke permissions for a robot account belonging to a different project, even if they lack access to that project.
Vulnerability Details:
Platform: Harbor
Version: (Unaffected versions not specified)
Vulnerability: Insecure Direct Object Reference (IDOR) – CVE-2022-31667
Severity: High (CVSS details not yet available)
Date: November 14, 2024 (NVD Published Date)
What Undercode Says:
This vulnerability can be exploited by an attacker with limited access to potentially gain broader access within a Harbor deployment. It’s crucial to update Harbor to a patched version as soon as possible to mitigate this risk.
Recommendations:
Apply security patches for Harbor as soon as they become available.
Review robot account permissions and ensure they are granted with least privilege in mind.
Implement additional security measures to protect access to sensitive resources within Harbor.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help