Harbor DC-2022-31671

2024-11-19

Platform: Harbor

Version: All versions before 2.5.2

Vulnerability: Insecure Direct Object Reference (IDOR)

Severity: High

Date: November 14, 2024

What Undercode Says:

This CVE describes a vulnerability in Harbor, an open-source artifact registry. It allows an authenticated attacker to read all job execution logs stored in the Harbor database, because Harbor fails to properly validate user permissions when logs are accessed through P2P preheat execution logs. To mitigate this risk, update Harbor to version 2.5.2 or later.
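The missing check described above, shown as an added example that is not Harbor's own code: a log lookup keyed only by task ID next to one that authorizes the caller and verifies the object chain. The `Store` type, its maps, the function names and the sample data are hypothetical and constructed for illustration.

```go
package main

import "errors"
import "fmt"

// Store is a hypothetical, simplified model; these are not Harbor's real types.
type Store struct {
	taskLog     map[int64]string          // task ID -> job log text
	taskExec    map[int64]int64           // task ID -> owning execution ID
	execProject map[int64]int64           // execution ID -> owning project ID
	members     map[string]map[int64]bool // user -> project IDs the user may read
}

var ErrForbidden, ErrNotFound = errors.New("forbidden"), errors.New("not found")

// LogUnchecked is the IDOR pattern: any authenticated caller gets a log by task ID alone.
func (s *Store) LogUnchecked(user string, projectID, execID, taskID int64) (string, error) {
	text, ok := s.taskLog[taskID]
	if !ok {
		return "", ErrNotFound
	}
	return text, nil
}

// LogChecked authorizes the caller on the project, then verifies task -> execution -> project.
func (s *Store) LogChecked(user string, projectID, execID, taskID int64) (string, error) {
	if !s.members[user][projectID] {
		return "", ErrForbidden
	}
	text, ok := s.taskLog[taskID]
	if !ok || s.taskExec[taskID] != execID || s.execProject[execID] != projectID {
		return "", ErrNotFound // same answer for "missing" and "belongs to someone else"
	}
	return text, nil
}

// SampleStore returns constructed data: alice may read project 1, bob project 2.
func SampleStore() *Store {
	return &Store{
		taskLog:     map[int64]string{10: "alice job log", 20: "bob job log"},
		taskExec:    map[int64]int64{10: 1, 20: 2},
		execProject: map[int64]int64{1: 1, 2: 2},
		members:     map[string]map[int64]bool{"alice": {1: true}, "bob": {2: true}},
	}
}

func main() {
	// alice asks for bob's task 20 under her own project and execution: rejected.
	fmt.Println(SampleStore().LogChecked("alice", 1, 1, 20))
}
```
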

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
