2024-11-19
Platform: Harbor
Version: Not specified
Vulnerability: Improper Authorization
Severity: High (CVSS: 7.4)
Date: November 14, 2024
What Undercode Says:
This CVE details a vulnerability in Harbor where an attacker could modify p2p preheat policies for projects they shouldn’t have access to. This happens because Harbor fails to properly validate user permissions when updating these policies.
An attacker could exploit this by sending a request to update a p2p preheat policy with an ID belonging to another project. This would allow them to modify the policy for that project, potentially impacting its security.
Here’s a breakdown of the issue:
Vulnerability: Improper Authorization (CVE-2022-31668)
Affected Software: Harbor
Impact: An attacker can modify p2p preheat policies for unauthorized projects.
Severity: High (CVSS: 7.4)
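The missing check described above, as an added example that is not Harbor's code: a simplified model in which the caller is authorized on the project named in the request, and the policy ID is either trusted as-is or required to belong to that same project. The `Policy`, `Store`, `Update` and `SampleStore` names and all sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Policy is a hypothetical, simplified stand-in for a p2p preheat policy.
type Policy struct {
	ProjectID int
	Filters   string
}

var ErrForbidden = errors.New("no update permission on project")
var ErrNotFound = errors.New("policy not found in project")

// Store is a constructed in-memory model: policies by ID plus per-user project rights.
type Store struct {
	Policies map[int]*Policy
	CanEdit  map[string]map[int]bool // user -> project ID -> may update
}

// Update authorizes the caller on the project named in the request. With bind=false
// the policy is loaded by ID alone; with bind=true it must belong to that project.
func (s *Store) Update(user string, projectID, policyID int, filters string, bind bool) error {
	if !s.CanEdit[user][projectID] {
		return ErrForbidden
	}
	p, ok := s.Policies[policyID]
	if !ok || (bind && p.ProjectID != projectID) {
		return ErrNotFound // same answer for "missing" and "belongs to another project"
	}
	p.Filters = filters
	return nil
}

// SampleStore is constructed data: alice may edit project 1 only; policy 20 is in project 2.
func SampleStore() *Store {
	return &Store{
		Policies: map[int]*Policy{10: {1, "library/**"}, 20: {2, "finance/**"}},
		CanEdit:  map[string]map[int]bool{"alice": {1: true}},
	}
}

func main() {
	s := SampleStore()
	fmt.Println(s.Update("alice", 1, 20, "x/**", false), s.Policies[20].Filters) // change lands in project 2
	fmt.Println(s.Update("alice", 1, 20, "y/**", true), s.Policies[20].Filters)  // rejected, policy unchanged
}
```

Returning the same error for a missing policy and for one owned by another project avoids confirming which policy IDs exist outside the caller's projects.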
Recommendations:
Update Harbor to a version that addresses this vulnerability (if available).
Review your p2p preheat policies and ensure they are configured correctly.
Implement additional security measures to protect your Harbor instance.
References:
Reported By: Nvd.nist.gov