CVE-2022-31671
published 2024-11-14

Priority: P3 40
Severity: high, 7.4 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
EPSS: 0.51% (39.7th percentile)

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.

Affected

6 ranges

Vendor           Product          Version range         Fixed in
github.com       goharbor_harbor  >= 1.0.0 < 1.10.13    1.10.13
github.com       goharbor_harbor  >= 2.0.0 < 2.4.3      2.4.3
github.com       goharbor_harbor  >= 2.5.0 < 2.5.2      2.5.2
linuxfoundation  harbor
linuxfoundation  harbor           >= 2.0.0 < 2.4.3      2.4.3
linuxfoundation  harbor           >= 2.5.0 < 2.5.2      2.5.2