16 matches found
EUVD-2024-3308
Malicious code in bioql PyPI...
SUSE CVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
BIT-HARBOR-2022-31668 User permission validation failure and disclosure of P2P preheat execution logs
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
GHSA-R864-28PW-8682 Harbor fails to validate the user permissions when updating p2p preheat policies
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
Harbor fails to validate the user permissions when updating p2p preheat policies
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31671
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...
CVE-2022-31668
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31668 User permission validation failure and disclosure of P2P preheat execution logs
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31668 User permission validation failure and disclosure of P2P preheat execution logs
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31668
Harbor (github.com/goharbor/harbor) is affected by CVE-2022-31668 due to improper permission validation when updating p2p preheat policies. A request to update a policy with an id belonging to a project the authenticated user cannot access could allow modification of p2p preheat policies in other...
CVE-2022-31668 User permission validation failure and disclosure of P2P preheat execution logs
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...
CVE-2022-31671 Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...
CVE-2022-31671 Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...
CVE-2022-31671 Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs...
GHSA-Q76Q-Q8HW-HMPW Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Impact Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs - API call GET /projects/projectname/preheat/policies/preheatpolicyname/executions/executionid/tasks/taskid/logs By sending a request that attempts to read P2P preheat...
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Impact Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs - API call GET /projects/projectname/preheat/policies/preheatpolicyname/executions/executionid/tasks/taskid/logs By sending a request that attempts to read P2P preheat...