CVE-2022-31671
Published
CVSS v3
7.4
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
An open source trusted cloud native registry project that stores, signs, and scans content.
GitHub