2024-11-19
Harbor, a popular open-source artifact registry, has a vulnerability (CVE-2022-31669) that allows attackers to modify tag immutability policies for projects they don’t have access to. This can lead to unauthorized changes to how image tags are managed within the registry.
Vulnerability Details:
Platform: Harbor
Version: 1.0 through 1.10.12, 2.0 through 2.4.2 and 2.5 through 2.5.1 (all versions before the fix)
Vulnerability: Improper Authorization
Severity: High
Date: November 14, 2024 (NVD Publication Date)
What Undercode Says:
This vulnerability can be exploited by attackers to gain unauthorized control over image tags within Harbor registries. It’s crucial to update Harbor to a version that addresses this issue (versions after 1.10.12, 2.4.2, and 2.5.1).
Here are some additional points to consider:
The attacker needs to be authenticated to exploit this vulnerability.
The specific impact of exploiting this vulnerability will depend on how tag immutability policies are configured in your Harbor registry.
Recommendations:
Update Harbor to a fixed version as soon as possible.
Review your tag immutability policies to ensure they are configured appropriately.
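One way to carry out the policy review above, as an added example that is not part of the original advisory or of Harbor's own code: compare a known-good snapshot of each project's immutability rules with a current one and flag rules that were removed, disabled or altered. The snapshot layout and the field names (`id`, `disabled`, `tag_selectors`, `scope_selectors`) are assumptions, and the sample data is constructed; adapt both to however you export the rules.

```python
import json

def _key(rule):
    """Canonical form of a rule so that field order does not matter."""
    return json.dumps(rule, sort_keys=True)

def diff_rules(baseline, current):
    """Compare two snapshots {project: [rule, ...]} and return findings.

    Each finding is (project, rule_id, kind), where kind is one of
    'removed', 'added', 'disabled' or 'modified'.
    """
    findings = []
    for project in sorted(set(baseline) | set(current)):
        old = {r["id"]: r for r in baseline.get(project, [])}
        new = {r["id"]: r for r in current.get(project, [])}
        for rid in sorted(set(old) | set(new)):
            if rid not in new:
                findings.append((project, rid, "removed"))
            elif rid not in old:
                findings.append((project, rid, "added"))
            elif not old[rid].get("disabled") and new[rid].get("disabled"):
                findings.append((project, rid, "disabled"))
            elif _key(old[rid]) != _key(new[rid]):
                findings.append((project, rid, "modified"))
    return findings

def rule(rid, tag_pattern, repo_pattern="**", disabled=False):
    """Build a constructed sample rule (field names are assumptions)."""
    return {"id": rid, "disabled": disabled,
            "tag_selectors": [{"decoration": "matches", "pattern": tag_pattern}],
            "scope_selectors": {"repository": [
                {"decoration": "repoMatches", "pattern": repo_pattern}]}}

# Constructed sample data: a known-good baseline and a later snapshot.
BASELINE = {
    "payments": [rule(1, "v*"), rule(2, "release-*")],
    "frontend": [rule(7, "prod")],
}
CURRENT = {
    "payments": [rule(1, "v*", disabled=True), rule(2, "release-candidate-*")],
    "frontend": [],
}

if __name__ == "__main__":
    for project, rid, kind in diff_rules(BASELINE, CURRENT):
        print(f"{project}: rule {rid} {kind}")
```

Any finding in a project whose members did not make the change is worth investigating, since the flaw described here lets an authenticated user alter policies in projects they cannot access.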
For further information:
Refer to the National Vulnerability Database (NVD) entry for CVE-2022-31669: [Link to NVD entry]
Check the Harbor documentation for information on updating to a fixed version.
Please note: This information is for educational purposes only. It is recommended to consult with a security professional for specific guidance on mitigating this vulnerability in your environment.
References:
Reported By: Nvd.nist.gov