GHSA-PRH4-VHFH-24MJ Harbor: LDAP password and OIDC secret are not redacted in the audit log

Impact Harbor write configuration payload to audit log when configuration change, the ldapsearchpassword and oidcclientsecret will be logged in the audit log without redacted Patches Harbor v2.15.0, v2.14.3, v2.13.5 Workarounds Disable audit log configure event in Harbor Web Console: Go to...

CVE-2022-31666

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...