2024-11-19
Platform: Harbor
Version: All versions before 2.5.2
Vulnerability: Insecure Direct Object Reference (IDOR)
Severity: High
Date: November 14, 2024
What Undercode Says:
This CVE describes a vulnerability in Harbor, an open-source artifact registry. A malicious actor with authenticated access can read all job execution logs stored in the Harbor database, because Harbor fails to properly validate user permissions when logs are accessed through the P2P preheat execution logs. To mitigate this risk, users should update Harbor to version 2.5.2 or later.
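The missing permission check can be shown with a small model. This is an added example, not Harbor's code: the `Store`, `Task`, and both handler functions are hypothetical, and the project → execution → task ownership chain is an assumption made for illustration. The vulnerable lookup authorizes the project named in the request but fetches the log by task ID alone; the hardened one binds the object to the authorized scope.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed in-memory model; every name here is hypothetical.
type Task struct{ ExecutionID int; Log string }
type Store struct {
	execProject map[int]string             // execution ID -> owning project
	tasks       map[int]Task               // task ID -> task
	canRead     map[string]map[string]bool // user -> project -> may read
}

var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("not found")

// Vulnerable: authorizes the project in the request, then loads by task ID alone.
func (s *Store) VulnerableGetLog(user, project string, execID, taskID int) (string, error) {
	if !s.canRead[user][project] {
		return "", ErrForbidden
	}
	return s.tasks[taskID].Log, nil
}

// Hardened: the task must belong to the execution, the execution to the project.
func (s *Store) HardenedGetLog(user, project string, execID, taskID int) (string, error) {
	if !s.canRead[user][project] {
		return "", ErrForbidden
	}
	t, ok := s.tasks[taskID]
	if !ok || t.ExecutionID != execID || s.execProject[execID] != project {
		return "", ErrNotFound // same answer for missing and foreign objects
	}
	return t.Log, nil
}

// NewSampleStore holds constructed data: alice may read only project "a".
func NewSampleStore() *Store {
	return &Store{map[int]string{1: "a", 2: "b"},
		map[int]Task{10: {1, "log of a"}, 20: {2, "log of b"}},
		map[string]map[string]bool{"alice": {"a": true}}}
}

func main() {
	s := NewSampleStore()
	fmt.Println(s.VulnerableGetLog("alice", "a", 1, 20)) // log of b <nil>
	fmt.Println(s.HardenedGetLog("alice", "a", 1, 20))   // not found
}
```

Returning the same error for a missing task and a task outside the caller's scope keeps the endpoint from confirming which IDs exist.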
References:
Reported By: Nvd.nist.gov