Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Vulnerability Description
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
授权机制不恰当
Vulnerability Title
Harbor 授权问题漏洞
Vulnerability Description
Harbor是Harbor开源的一个开源注册表。通过策略和基于角色的访问控制来保护工件,确保图像被扫描并且没有漏洞,并将图像签名为可信的。 Harbor 2.4.2及之前的2.4.x版本和2.5.1及之前的2.5.X版本存在授权问题漏洞,该漏洞源于删除Webhook策略时未验证用户权限,允许恶意用户查看、更新和删除其他用户的Webhook策略。
CVSS Information
N/A
Vulnerability Type
N/A