EUVD-2022-6741

Malicious code in bioql PyPI...

BIT-HARBOR-2022-31669 Harbor fails to validate the user permissions when updating tag immutability policies

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

CVE-2022-31669

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

CVE-2022-31669

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

CVE-2022-31669 Harbor fails to validate the user permissions when updating tag immutability policies

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies...

Improper Authorization

github.com/goharbor/harbor is vulnerable to improper authorization. A remote authenticated attacker is able to gain access to unauthorized projects due to improper validation of the user permissions when updating tag immutability policies...

GHSA-8C6P-V837-77F6 Harbor fails to validate the user permissions when updating tag immutability policies

Impact Harbor fails to validate the user permissions when updating tag immutability policies - API call: PUT /projects/projectnameorid/immutabletagrules/immutableruleid By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated...

Harbor fails to validate the user permissions when updating tag immutability policies

Impact Harbor fails to validate the user permissions when updating tag immutability policies - API call: PUT /projects/projectnameorid/immutabletagrules/immutableruleid By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated...

PT-2022-20881 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2 Description: The issue arises from Harbor's failure to validate user permissions when updating tag immutability policies. This can be exploited by sending a request to update a tag immutability policy with an id...