Harbor CVE-2022-31668

2024-11-19

Platform: Harbor

Version: Not specified

Vulnerability: Improper Authorization

Severity: High (CVSS: 7.4)

Date: November 14, 2024

What Undercode Says:

This CVE details a vulnerability in Harbor where an attacker could modify p2p preheat policies for projects they shouldn’t have access to. This happens because Harbor fails to properly validate user permissions when updating these policies.

An attacker could exploit this by sending a request to update a p2p preheat policy with an ID belonging to another project. This would allow them to modify the policy for that project, potentially impacting its security.
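The missing check described above, as an added example that is not Harbor's own code: a simplified Go model in which permission is checked on the project named in the request, and the fix also requires the stored policy to belong to that project. All type, function and user names are hypothetical, and the sample data is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrDenied = errors.New("denied")

// Policy and Store are a hypothetical, simplified model of preheat policies.
type Policy struct {
	ID, ProjectID int64
	Name          string
}

type Store struct {
	Policies map[int64]*Policy         // by policy ID
	CanWrite map[string]map[int64]bool // user -> projects the user may edit
}

// Update models a policy update request. With bind false it reproduces the
// flaw: permission is checked on the requested project, policy loaded by ID only.
func (s *Store) Update(user string, project, policyID int64, name string, bind bool) error {
	if !s.CanWrite[user][project] {
		return ErrDenied
	}
	p, ok := s.Policies[policyID]
	// Fix: the stored policy must belong to the project that was authorized.
	if !ok || (bind && p.ProjectID != project) {
		return fmt.Errorf("policy %d in project %d: %w", policyID, project, ErrDenied)
	}
	p.Name = name
	return nil
}

// Sample is constructed data: mallory may edit project 1; policy 20 is in project 2.
func Sample() *Store {
	return &Store{
		Policies: map[int64]*Policy{10: {10, 1, "p1-nightly"}, 20: {20, 2, "p2-release"}},
		CanWrite: map[string]map[int64]bool{"mallory": {1: true}},
	}
}

func main() {
	for _, bind := range []bool{false, true} {
		s := Sample()
		err := s.Update("mallory", 1, 20, "changed", bind)
		fmt.Printf("bind=%v err=%v policy20=%s\n", bind, err, s.Policies[20].Name)
	}
}
```

The bound variant returns the same error for a missing ID and for an ID owned by another project, so the response does not reveal which policy IDs exist elsewhere.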

Here’s a breakdown of the issue:

Vulnerability: Improper Authorization (CVE-2022-31668)

Affected Software: Harbor

Impact: An attacker can modify p2p preheat policies for unauthorized projects.

Severity: High (CVSS: 7.4)

Recommendations:

Update Harbor to a version that addresses this vulnerability (if available).
Review your p2p preheat policies and ensure they are configured correctly.
Implement additional security measures to protect your Harbor instance.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
