exploitDog

GHSA-gm4w-75rj-3wr6

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

Ссылки

EPSS

Процентиль: 62%

0.0044

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-276

Связанные уязвимости

CVE-2019-16919

CVSS3: 7.5

nvd

больше 5 лет назад

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper project permissions and project scope on the API request to create a new robot account.

BDU:2019-04536

CVSS3: 7.5

fstec

больше 5 лет назад

Уязвимость реестра для Docker-контейнеров Harbor, связанная с ошибками использования стандартных разрешений, позволяющая нарушителю повысить свои привилегии и получить несанкционированный доступ к смежным проектам

EPSS

Процентиль: 62%

0.0044

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-276