BIT-HARBOR-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

EUVD-2022-6853

Malicious code in bioql PyPI...

CVE-2022-31666

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

CVE-2022-31666

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

CVE-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

CVE-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies

Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects...

Information Disclosure

github.com/goharbor/harbor is vulnerable to information disclosure. The library fails to validate the user permissions to view Webhook policies including credentials configured in different projects, resulting in remote authenticated attackers being able to read Webhook policies of other...

Harbor fails to validate the user permissions when viewing Webhook policies

Impact Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other users/projects. API call is GET...

GHSA-JF8P-3VJH-PQ94 Harbor fails to validate the user permissions when viewing Webhook policies

Impact Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other users/projects. API call is GET...

PT-2022-20879

Name of the Vulnerable Software and Affected Versions Harbor versions prior to 2.5.2 Description The issue allows malicious users to view, update, and delete Webhook policies of other users due to a failure in validating user permissions. This can be exploited through the API endpoint "GET...